Hackers capture names and IBAN
Thousands of bank customers in Germany affected by data leak
7/11/2023 4:07 p.m
In a hacker attack, the account details of thousands of German bank customers fall into the hands of unknown persons. Four large financial institutions are affected. These are now calling on those affected to check their accounts for suspicious debits.
The data leak at a service provider for account switching that became known a few days ago is affecting more bank customers than initially known. The direct bank ING and the Comdirect, which belongs to Commerzbank, were also affected by the hacker attack, as both houses confirmed. On Friday, Deutsche Bank had already made public in response to a media report that the personal data of an undisclosed number of customers had fallen into the hands of unknown persons. According to information from the “Bonner General-Anzeiger”, it was about first names, surnames and account numbers (IBAN).
A spokesman for ING Germany now said: “We are also aware that a hacker attack was recently carried out on a service provider with whom we work as part of the statutory account switching assistance.” In doing so, unauthorized persons would have gained access to personal data processed by the service provider for the account switch. “According to the current state of knowledge, a low four-digit number of customers who have used the statutory account switching assistance when opening a current account with us are affected,” said ING.
The service provider is Majorel Deutschland GmbH, which wants to make it easier for bank customers to switch from one bank to another through its wholly-owned subsidiary Kontowechsel24.de. “As part of a security gap in the MOVEit software, which affects many companies around the world, Majorel Germany has become the target of a hacker attack,” said a Majorel spokeswoman. “Our cybersecurity team closed the vulnerability immediately after it became known and took all necessary measures to ensure the security of our systems.”
Those affected should check accounts for suspicious debits
According to the banks, they informed the affected customers about the incident. According to a spokesman, Deutsche Bank called on those affected to check their accounts for suspicious debits or unusual activities. Unauthorized direct debits could be returned up to 13 months retrospectively. The money will then be refunded by the bank.
In the case of Deutsche Bank and Postbank, according to the largest German financial institution, it was about customers who had used the account switching service in 2016, 2017, 2018 and 2020. According to a spokesman, ING Germany also switched accounts a few years ago. A Commerzbank spokeswoman said: “We are only affected by the data leak at Majorel with the Comdirect brand. Customers of the Commerzbank brand are not affected.”
Since September 2016, financial institutions in Germany have been legally obliged to support consumers when switching accounts. The new institute must accept incoming and outgoing transfers and direct debits from the old account. The new account should be set up after twelve business days at the latest. The regulations are part of the Payment Accounts Act, with which an EU directive was implemented into German law. Providers such as Kontowechsel24.de advertise a “quick and uncomplicated” change of bank details. According to its own statements, the company carried out 400,000 account changes and converted three million bank details in the 2019 financial year.