Cyber Incident Victim: Norisbank

Date:

May 2023

Location:

Germany

Summary

A cyberattack targeted Majorel, a service provider handling account switching services for banks. The incident resulted in the theft of over 144,000 customer datasets, which subsequently appeared for sale on the darknet. The compromised information included customer names and account numbers. Postbank and Deutsche Bank were among the financial institutions whose customer data was affected by this breach through their third-party provider.

CIA Posture: Available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On or around May 31, 2023, it was reported that a significant data breach had occurred involving Majorel, a service provider specializing in account switching services for the banking sector. The incident was a hacker attack that resulted in the theft of customer data. The attack was not directly against the banks themselves but was instead executed by targeting their third-party vendor, Majorel. This supply chain attack compromised the sensitive information of banking customers who had utilized the account switching service.

The specific method of the initial intrusion, such as phishing, vulnerability exploitation, or other attack vectors used to gain access to Majorel's systems, was not detailed in the available information. The attackers successfully exfiltrated data, removing it from Majorel's controlled environment. The total number of data sets confirmed to have been stolen exceeded 144,000. This figure represents the confirmed scope of the data theft from the service provider's systems.

The stolen data subsequently appeared for sale or distribution on the darknet. The information exposed in this incident included sensitive customer details, specifically customer names and account numbers. The availability of this data on darknet markets significantly increased the risk of secondary crimes, such as targeted phishing campaigns, social engineering attacks, and potential financial fraud attempts against the affected individuals.

The impact of the breach was distributed across multiple financial institutions that utilized Majorel's services. Postbank was identified as the bank most severely affected by the data theft. Deutsche Bank was also confirmed as another major financial institution whose customer data was compromised in the attack. The article did not specify the exact number of data sets pertaining to each individual bank, only that Postbank had the largest number of affected customers among the victims.

The incident highlights the growing risk associated with supply chain attacks in the financial sector, where targeting a single third-party service provider can yield a trove of data from multiple clients. The compromise of a vendor like Majorel, which handles a specific but critical process like account switching, provides attackers with a rich source of freshly validated and highly current financial data. The data's usefulness to attackers is heightened because it pertains directly to active accounts and recent banking transactions.

Response actions were not detailed in the provided source material. The public reporting on May 31st served to confirm the scale of the breach and identify the most impacted entities. Standard procedure following such an incident typically involves notifying regulatory bodies, informing affected customers, and offering support services such as credit monitoring. The banks involved, including Postbank and Deutsche Bank, would have initiated their own internal response plans to mitigate the potential fallout for their customers. This likely included customer communication campaigns to warn of potential fraud, increased monitoring of affected accounts for suspicious activity, and reinforcing security protocols to prevent unauthorized access. The full technical and forensic investigation into the breach to determine the root cause and identify the threat actors was presumably undertaken by Majorel in coordination with cybersecurity experts and law enforcement agencies.
