Cyber Incident Victim: GLS Gemeinschaftsbank eG
Date:
May 2023
Location:
Germany
Summary
A cyber attack targeted Majorel, a service provider handling bank account switching services, resulting in a significant data breach. The incident led to the theft of over 144,000 customer datasets, which subsequently appeared for sale on the darknet. The compromised information included customer names and account numbers. Among the affected financial institutions, Postbank and Deutsche Bank were identified as being the most severely impacted by this security compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around May 31, 2023, details of a cybersecurity incident involving the data processing firm Majorel became public through media reporting. The incident was characterized as a hacker attack that resulted in the theft of customer data. Majorel provided services as a third-party vendor specializing in account switching, handling the processing of customer information on behalf of numerous financial institutions. The attack targeted this service provider, compromising the data it held for its banking clients.
The specific method of intrusion or the exact date of the initial breach was not detailed in the available information. The attack culminated in the exfiltration of a significant volume of sensitive customer data. The stolen information included customer names and account numbers. Following the theft, this data subsequently appeared for sale or distribution within darknet markets, indicating that the attackers intended to monetize the stolen information or otherwise leverage it for malicious purposes.
Analysis of the stolen data sets revealed the full scope of the compromise. In total, more than 144,000 individual customer data records were confirmed to have been stolen in the attack. The impact was distributed across multiple banking institutions that were clients of Majorel's account switching services. The institutions affected were not all impacted equally; the distribution of the stolen data was uneven among them.
Postbank was identified as the financial institution most severely affected by the data leak. A substantial portion of the over 144,000 compromised records belonged to customers of Postbank. Deutsche Bank was also confirmed to be among the impacted institutions, with customer data from this bank being part of the stolen data set. The reporting did not specify the exact number of records pertaining to each individual bank beyond identifying Postbank as the most strongly affected party. The incident exposed a supply chain risk, where an attack on a single third-party service provider compromised the data security of multiple downstream financial entities.
The public disclosure of the incident's scale occurred through media reports on May 31, 2023. The reporting provided confirmation of the number of records stolen and identified the primary affected banks, bringing the details of the breach to light. The response actions taken by Majorel or the affected banks were not explicitly detailed in the available source material. The confirmed consequences of the incident included the theft of a large volume of personally identifiable information and banking details, creating potential risks of fraud and identity theft for the affected customers. The appearance of this data on the darknet further elevated these risks by making the information available to other malicious actors. The reputational impact on the involved banks and the service provider was another direct consequence of the breach becoming public knowledge. The incident underscored the vulnerabilities associated with relying on external vendors for critical data processing functions within the financial sector.