Cyberattack on Deutsche Bank and Postbank

Estimated read time 3 min read

Deutsche Bank and its subsidiary, Postbank, have reported a data breach. Personal data of an unknown number of customers has been stolen. Both banks have confirmed the breach, which has affected customers who used their account switch service.

A Brief Recap of the Incident

Here’s what we know so far about the data breach:

  1. Attackers exploited a vulnerability in the software of a third-party service provider. The name of the service provider is currently not disclosed.
  2. The data breach only affects customers who used the account switch service of both banks in 2016, 2017, 2018, and 2020.
  3. The exact number of affected customers is still unknown.
  4. Media reports suggest that the stolen data includes customers’ first and last names, as well as their IBANs.

The Possible Threats Ahead

The stolen data might not give criminals direct access to the affected accounts, but there is a risk of unauthorized direct debits. Also, the perpetrators might attempt to obtain more personal information through emails, calls, or messages for phishing or password theft.

Banks are urging their customers to carefully monitor their transactions and account statements for the foreseeable future. If a suspicious debit is detected, the customers are advised to immediately contact their bank.

What Can Affected Customers Do?

In the wake of this breach, Deutsche Bank has issued two key pieces of advice to its customers:

  1. Review Debits: Check your accounts for any unauthorized direct debits or unusual activities. If found, you can reclaim these unauthorized debits up to 13 months retroactively. The bank will refund the money in such cases. It is also recommended to inform the police about suspicious debits!
  2. Beware of Scams: Despite having some information, the thieves can’t access customers’ accounts directly. Still, they may try to obtain more information via calls or emails. They might appear more trustworthy, as they have the correct IBAN. So, double caution is advised, whether dealing with emails, callers, or door-knockers. It’s always a good idea to contact your bank directly to verify any unusual activity rather than responding to external contacts.

Legal Perspective

From a legal standpoint, victims of data breaches are entitled to compensation. German courts are increasingly advocating for compensation in the four-figure range, especially in cases like the Facebook data breach.

The European Court of Justice (ECJ) has also strengthened the rights of consumers through a landmark data protection ruling, indicating that companies must compensate when privacy violations result in material or immaterial damage.

With the data breach at Deutsche Bank and Postbank, the affected customers have lost control over their sensitive data. They might face negative impacts in the future and have the right to claim against the companies involved.

In such situations, Dr. Stoll & Sauer, one of the leading consumer law firms, offers a free initial consultation through their online check.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author