Bank99

Bank99, headquartered in Austria, is an organization that experienced a significant data security incident in late May 2023. This event involved a cyber attack that exploited a known vulnerability in the MOVEit file transfer software. The compromised system was operated by Majorel, a third-party service provider utilized by Bank99. The attack resulted in the unauthorized access and exfiltration of a substantial volume of customer data. Specifically, the breach led to the theft of over 144,000 individual data records belonging to Bank99's customers. Following the theft, this compromised information was offered for sale on a darknet marketplace, indicating a deliberate attempt by the attackers to monetize the stolen data. The exposed data included sensitive personal and financial details, such as customer names and account numbers, representing a serious privacy and financial risk for those affected.

The incident underscores the critical risks associated with reliance on external service providers for data processing functions. The exploitation of a vulnerability in a widely used third-party software platform demonstrates how supply chain weaknesses can directly impact an organization's data security posture. For the customers of Bank99, the breach meant their personally identifiable information and financial account details were placed into criminal circulation. The scale of the data theft, exceeding 144,000 records, suggests a broad impact across the organization's customer base. The subsequent appearance of this data for sale on the darknet confirms the malicious intent behind the intrusion and the likelihood of the data being used for fraud or other criminal activities. This event serves as a documented case of a data breach originating from a vendor's system vulnerability, highlighting the necessity for robust vendor risk management and continuous monitoring of third-party dependencies. The specific details of the data types stolen, including names and account numbers, point to a compromise of information that could facilitate identity theft and account takeover attempts. No further information regarding Bank99's core business operations, market scope, ownership structure, or additional distinguishing attributes is provided in the available context.