A security breach appears to have occurred at Commerzbank, Germany’s second-largest private bank, allowing criminals to reportedly withdraw a double-digit million-dollar sum from bank accounts of over 100 customers. According to sources cited by Handelsblatt from financial circles, the attackers allegedly exploited Girocards with Maestro, a Mastercard debit card service facilitating cashless payments abroad.
A spokesperson for Commerzbank stated that due to technical reasons at a service provider, there were unauthorized withdrawals from a few customer accounts. However, the incident is not causing any financial harm to affected customers as the bank is rectifying these transactions internally. “The affected customers have been or will be informed by us,” the spokesperson mentioned.
Reportedly, the security loophole has been closed
The Maestro Girocards of Commerzbank are apparently managed by Bank-Verlag. Handelsblatt reported that Bank-Verlag confirmed being a target of fraudulent Maestro payments. The exploited security gap was allegedly closed by the service provider “as part of the internal control system” immediately after discovering the malicious activities. However, specific details about the vulnerability were not disclosed.
Neither Commerzbank nor Bank-Verlag have commented on the exact amount of damage or who will ultimately bear the responsibility. Further inquiries regarding the damage settlement remain unresolved for now. The Bank-Verlag stated they would address these concerns only after a full investigation into the sequence of events leading to the damage.
This isn’t the first attack on banks this year
Recently, Targobank also faced criminal activities when attackers attempted unauthorized access to the online banking of thousands of customers. Consequently, Targobank had to block access for about 6,000 customers and send them new login details via mail. However, it seems that no funds were siphoned in this instance.
Additionally, a data breach at Majorel’s account switching service this year exposed personal data of customers from Deutsche Bank, ING, Comdirect, and Postbank to cybercriminals. The data later surfaced on the Darknet.
READ MORE: Ford’s Electric Future Sparks Uncertainty: Jobs, Models, and European Operations at Stake
