Cyber Incident Victim: ABN Amro

In mid-May 2024, ABN Amro disclosed a potential data breach involving customer information following a cyberattack targeting AddComm, its external supplier specializing in customer communication services. The attack occurred between May 5 and May 17, during which unauthorized actors gained access to AddComm's systems. ABN Amro immediately suspended all services with AddComm upon discovering the compromise while maintaining close coordination with the affected vendor to assess the situation. The bank promptly notified customers whose data might have been exposed to the attackers, though neither AddComm nor ABN Amro confirmed the specific nature or scope of the compromised information at the initial stage. AddComm emphasized that cybercriminals no longer retained access to their systems following containment efforts.

ABN Amro activated its cybersecurity experts to investigate the incident's ramifications and reported the breach to relevant regulatory authorities as part of mandatory compliance protocols. The bank prioritized direct communication with potentially impacted clients but did not publicly disclose the number of affected individuals or specific data categories involved. AddComm acknowledged uncertainty regarding which client datasets were exfiltrated during the intrusion window, leaving the full extent of data exposure unverified. The incident disrupted ABN Amro's customer communication workflows due to the suspension of AddComm's services, though operational continuity measures mitigated broader service interruptions. Both organizations maintained ongoing investigations to determine the attack's origin and finalize damage assessments while adhering to regulatory disclosure requirements.