A data leak at a service provider for account switching does not only affect customers of Deutsche Bank and Postbank. As has now become known, customers of two other financial institutions are also among the victims of the hacker attack.
The direct bank ING and Comdirect, which belongs to Commerzbank, are also affected by the hacker attack on a service provider for account switching. Both institutions confirmed this today. Commerzbank made it clear that customers of the Commerzbank brand were not affected by the data leak.
Deutsche Bank and Postbank announced on Friday that an unknown number of customers had fallen victim to a data leak.
Hackers steal names and account numbers
According to a spokesman for ING Germany, “a low four-digit number of customers” is affected at the direct bank. According to the spokesman, they had used the statutory account switching assistance when opening a current account, and unauthorized persons gained access to personal data processed by the service provider for the account switch.
Personal data was also lost at Postbank and Deutsche Bank. According to information from the “Bonner General-Anzeiger”, the data involved first names, surnames and account numbers (IBAN).
Suspicious charges?
The banks say they have informed the affected customers about the incident. According to a spokesman, Deutsche Bank called on those affected to check their accounts for suspicious debits or unusual activity. Unauthorized direct debits can be returned for up to 13 months retrospectively. The bank then refunds the money.
In the case of Deutsche Bank and Postbank, according to the largest German financial institution, the affected customers are those who used the account switching service in 2016, 2017, 2018 and 2020. According to a spokesman, the account switches at ING Germany also took place a few years ago.
“Security breach is closed”
The service provider concerned is Majorel Deutschland GmbH, which, through its wholly owned subsidiary Kontowechsel24.de, aims to make it easier for bank customers to switch from one bank to another.
“As part of a security gap in the MOVEit software, which affects many companies around the world, Majorel Germany has become the target of a hacker attack,” said a company spokeswoman. “Our cybersecurity team closed the vulnerability immediately after it became known and took all necessary measures to ensure the security of our systems.”
Account switching support required
Since September 2016, financial institutions in Germany have been legally obliged to support consumers when switching accounts. The new institution must take over incoming and outgoing transfers and direct debits from the old account. The law requires that the new account be set up within twelve business days at the latest.
The regulations are part of the Payment Accounts Act, which transposed an EU directive into German law. Providers such as Kontowechsel24.de advertise a “quick and uncomplicated” change of bank details. According to its own statements, the company carried out 400,000 account switches and converted three million bank details in the 2019 financial year.