Customers of Deutsche Bank and its subsidiary Postbank are affected by the incident, and the bank has alerted an unspecified number of clients that their data may have been stolen.
The institute declared that an external service provider's data loss was the thieves' entry point.
The service provider found the root of the security breach and fixed it.
A software vulnerability has been exploited, according to a letter sent to the affected clients.
The bank refrained from identifying the service provider who let the data leak happen. Other banks and their customers may also be impacted because account-switching service providers frequently work with several banks.
TPRM report: https://scoringcyber.rankiteo.com/company/deutsche-bank
"id": "deu225723723",
"linkid": "deutsche-bank",
"type": "Data Leak",
"date": "07/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Deutsche Bank',
'type': 'Bank'},
{'industry': 'Financial Services',
'name': 'Postbank',
'type': 'Bank'}],
'attack_vector': 'Exploitation of Software Vulnerability',
'customer_advisories': 'Letter sent to affected clients',
'data_breach': {'type_of_data_compromised': 'Customer Data'},
'description': 'Customers of Deutsche Bank and its subsidiary Postbank are '
'affected by a data breach due to a vulnerability in an '
"external service provider's software.",
'impact': {'data_compromised': 'Customer Data'},
'initial_access_broker': {'entry_point': 'External Service Provider'},
'post_incident_analysis': {'corrective_actions': 'Fixed the vulnerability',
'root_causes': 'Software Vulnerability'},
'response': {'communication_strategy': 'Alerted affected clients'},
'title': 'Deutsche Bank and Postbank Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Software Vulnerability'}