In recent years, Deutsche Bank, together with its subsidiary Postbank, has offered an account switching service. Unfortunately, customers who have used this service have probably become victims of data theft. The two banks are currently informing affected customers about the incident, in which an external service provider became the target of unknown attackers. Although the exact number of data records stolen is not known, the amount of data stolen is a cause for concern.

Access to sensitive data

According to a report in the "Bonner General-Anzeiger", the first names, surnames and IBANs of account holders were stolen. The service provider had stored this data in order to forward it to the respective employer and other payment partners after an account had been moved. Deutsche Bank has already informed the affected customers in writing.

It is important to emphasize that the stolen data alone is not sufficient to directly access an account or make transfers. However, criminals could use them to order goods by direct debit and make direct debits, for example. The IBAN alone is sufficient for this. For this reason, banks are asking affected customers to check their account transactions carefully. Unauthorized direct debits can be returned retroactively for up to 13 months and the bank will then refund the money.

Phishing attacks are to be feared

In addition, the criminals could use the stolen data to write more convincing phishing emails. This could expose the victims to further data breaches, which could enable the attackers to debit money directly from the accounts.

Deutsche Bank states that the cause of the incident has been identified and rectified by the service provider concerned. There is also a potential risk that more than one hundred companies in over 40 countries are affected. The bank's internal systems were not affected at any time and the incident is not related to the recently completed IT integration of Postbank accounts.

At a time when online banking and digital transactions are part of everyday life, banks and service providers need to invest more in the security of their systems and data. At the same time, customers should always protect their sensitive information and ensure that they use strong passwords, regularly check their accounts and report suspicious activity.