
Cyber Incident Victim: Majorel Deutschland

Date: May 2023

Location: Germany

Summary

A cyberattack targeting Majorel Deutschland, a service provider for statutory account switching assistance, compromised personal data including names and account numbers of several thousand customers at multiple German banks. The breach, attributed to unauthorized access at a Majorel subsidiary handling account transitions, exposed information that could facilitate fraudulent direct debit attempts, though affected financial institutions noted customers retain recourse to reclaim unauthorized transactions.


Description

In late May 2023, a data breach occurred at Majorel Deutschland, a customer service provider handling statutory account switching assistance for multiple German banks. The incident involved unauthorized access to personal customer data processed by Majorel during account change procedures. Affected institutions included ING, Comdirect, Deutsche Bank, and Postbank, with ING confirming a low four-digit number of impacted customers who had used the statutory switching service when opening checking accounts. The compromised data consisted of names and account numbers, though banking credentials allowing direct account access remained secure. Majorel, partially owned by Bertelsmann until its April 2023 acquisition by French firm Teleperformance, operated Kontowechsel24.de – the specific account switching subsidiary implicated in the breach. Financial institutions clarified that only the statutory switching service was compromised, not their more frequently used proprietary switching systems.


The breach's primary risk involved potential unauthorized direct debit attempts, as criminals could pair stolen account numbers with names to initiate fraudulent transactions. Banks emphasized customers could reclaim such funds within 13 months under German banking regulations. Deutsche Bank and Postbank notified customers of the exposure on July 7, 2023, followed by ING and Comdirect confirming their affected customers days later. No bank disclosed the total number of compromised records across all institutions. Majorel's role as a shared third-party provider amplified the incident's scope, impacting clients from multiple financial entities simultaneously. Containment measures focused on customer notifications and clarifying that the breach was limited to the service provider, with no reported disruptions to core banking operations. The incident highlighted supply chain vulnerabilities in financial services, particularly through specialized subcontractors handling regulated processes like account portability.
