Linked to MOVEit software exploit
While targeting Majorel Germany, threat actors took advantage of an SQL injection vulnerability found in the MOVEit software to gain access to the data. The vulnerability had been exploited before the company sent out a notification about it on May 31. Customers of the software were advised to check for indicators of unauthorized access over at least the prior 30 days.
As of May 31, there were about 2,500 instances of MOVEit Transfer exposed to the public internet, the majority of which seemed to be in the US. The attacks have been linked to the Russia-based Clop ransomware gang.
“The attack took place before the software’s vulnerability became public and only affected a single system running MOVEit software in Germany,” the bank said in the statement, adding that Deutsche Bank’s systems were unaffected.
Other German banks were also affected
The data leak at the account switching service provider has also affected Postbank, Comdirect and ING, according to German news outlet Handelsblatt.
“According to the current state of knowledge, a low four-digit number of customers who have used the statutory account switching assistance when opening a current account with us are affected,” ING told the publication.
While Commerzbank confirmed that customers of its Comdirect brand were affected by the data leak.