The MOVEit data leak has probably now been closed for good, but the consequences remain: it has now become known that the bank switching service of Majorel Germany, which handled account switches for Deutsche Bank, Postbank, the direct bank ING and Comdirect, has lost data.
The banks involved, such as Deutsche Bank, Postbank, the direct bank ING and Comdirect, state that they themselves have not lost any data because of the MOVEit hack, but that the service provider Majorel Germany has. Majorel offers bank customers a switching service that uses the Progress software MOVEit. The known vulnerability was probably attacked by the CLOP group, data was stolen and the blackmail began. However, the name Majorel does not appear in the lists on the CLOP group's leak page.
Names and account numbers stolen
As Majorel Germany announced, the hackers stole first names, surnames and account numbers (IBAN) in connection with the switching service. A spokeswoman for the company said: "Majorel Germany has become the target of a hacker attack as part of a security gap in the MOVEit software, which affects many companies around the world."
Some banks told Tagesschau.de how many customers are affected by the data leak at Majorel: ING says a low four-digit number. Deutsche Bank, Postbank and Comdirect could not or did not want to provide any information. However, all the institutions say that they are monitoring the accounts. Customers should do the same and immediately report unexpected charges. In such cases, the institutions intend to grant free chargebacks for up to 13 months. Customers can also find out more from their bank, since the banks have also been informed about the incident.
Blackmailer CLOP group
The CLOP APT group continues to claim that only it has the exploit for the MOVEit vulnerability. There are currently 160 companies on the CLOP leak page from which data was probably stolen and which are being blackmailed. Majorel Germany is not among them. However, some companies that were on the list weeks ago are no longer there, and no data has been published.
Expert Answer from Trend Micro
“The banks affected in Germany are among the victims because their service provider was attacked. They do not use the software themselves. Nevertheless (or maybe because of this) the whole thing could have an unpleasant GDPR aftermath. Because as early as mid-June, the service provider reported that it had lost data.
If personal data is involved, the obligation is to report such incidents within 72 hours. Now there may be reasons why information about affected customers in Germany is only now coming out, slowly and "drip by drip". In IT security, that cannot be called good.
The incident itself is a zero-day vulnerability. This makes it all the more important that other unaffected companies become aware of the danger and that end users are also informed that important personal information is in the hands of criminals,” says Richard Werner, Business Consultant at Trend Micro.
Editor/sel