A former Computacenter manager has filed suit alleging that unauthorized parties repeatedly accessed Deutsche Bank’s high-security New York datacenter between March and June 2023. Court documents claim that a Computacenter employee allowed his uncredentialed girlfriend into server rooms housing critical mainframe systems, while internal CCTV footage reportedly shows Deutsche Bank’s own security staff permitting her entry. During these breaches, she allegedly connected a personal laptop to the bank network and may have circumvented the SIEM monitoring environment. Despite reporting these lapses and urging a regulatory disclosure, the whistleblower was suspended and ultimately terminated. No confirmed data exfiltration or operational outage has been documented, but the incidents exposed serious lapses in multi-layered physical and logical controls, exposing the institution to heightened regulatory, legal and reputational risk. The lawsuit seeks over $20 million in damages under New York whistleblower protections and highlights the potential downstream costs of litigation, internal investigations and remediation measures to shore up security protocols.
Source: https://cybersecuritynews.com/it-guy-let-girlfriend-server-rooms/
"id": "deu843050725",
"linkid": "deutsche-bank",
"type": "Breach",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"