Deutsche Bank AG, Commerzbank AG and ING Groep NV are among dozens of companies worldwide whose client data were compromised when a criminal hacking group exploited a security flaw in a file transfer tool.
(Bloomberg) — Deutsche Bank AG, Commerzbank AG and ING Groep NV are among dozens of companies worldwide whose client data were compromised when a criminal hacking group exploited a security flaw in a file transfer tool.
The attackers obtained access to data of thousands clients whose requests to change accounts had been transferred to an external data provider, which the banks in emails to Bloomberg identified as Majorel. The data seen by hackers included clients’ names and their account numbers, ING said in its statement. The software flaw has since been patched, the banks said.
“In the context of a security vulnerability in the MOVEit software that has affected many companies around the world, Majorel Germany was the target of a hacker attack,” a spokesperson for the company said. “The attack took place before the software’s vulnerability became public and only affected a single system running MOVEit software in Germany.”
The MOVEit attack, which came to light more than a month ago and was allegedly carried out by a criminal hacking group known as Clop, has resulted in the theft of data from dozens of organizations and government agencies in the US and Europe. Notable victims include oil giant Shell PLC and British Airways, along with banks, manufacturing firms, and universities.
The breach happens as banks are under pressure to strengthen their IT defenses amid a rising concern that cyber threats are getting more sophisticated and more frequent. The European Central Bank will hold its first cyber stress test of Europe’s banks early next year to map resilience in the industry.
Read More: ECB Cyber Stress Test Won’t Deliver Direct Capital Hit to Banks
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.