In recent years, Deutsche Bank has offered an account switching service together with its subsidiary, Postbank. Unfortunately, customers who have used this service have likely become victims of data theft. The two banks are currently informing affected customers about the incident, in which an external service provider became the target of unknown attackers. Although the exact number of stolen records is unknown, the volume of stolen data is a cause for concern.
Access to sensitive data
According to a report in the “Bonner General-Anzeiger” newspaper, first names, last names and IBANs of account holders were stolen. The service provider had stored this data in order to forward it to the respective employer and other payment partners after an account had been moved. Deutsche Bank has already informed the affected customers in writing.
It is important to emphasize that the stolen data alone is not sufficient to directly access an account or make transfers. However, criminals could use them, for example, to order goods by direct debit and to make direct debits. The IBAN alone is sufficient for this. For this reason, banks are asking affected customers to carefully check their account transactions. Unauthorized direct debits can be returned retroactively for up to 13 months, and the bank will then refund the money.
Phishing attacks to be feared
In addition, the criminals could use the stolen data to compose more convincing phishing emails. This could expose victims to further data breaches, which could allow attackers to withdraw money directly from accounts.
Deutsche Bank says the cause of the incident has been identified and fixed by the affected service provider. There is also potentially a risk that more than a hundred companies in over 40 countries could be affected. The bank’s internal systems were not affected at any time, and the incident is not related to the recently completed IT integration of Postbank accounts.
At a time when online banking and digital transactions are part of everyday life, banks and service providers must invest more in the security of their systems and data. At the same time, customers should always protect their sensitive information and ensure that they use strong passwords, regularly check their accounts and report suspicious activities.