teiss – News – Deutsche Bank faces new breach claims after ransomware group posts employee data samples | #ransomware | #cybercrime


A ransomware group known as Unsafe has listed Deutsche Bank on a dark web leak site, claiming to have breached the German banking giant’s internal systems and posting database extracts it says prove the intrusion.

The alleged attackers shared screenshots of terminal output and commands that appear to show exports pulled from multiple databases, along with queries referencing sensitive employee information.

Cybernews researchers who reviewed the samples said the material includes employee email addresses, password hashes, physical addresses, and internal database records. The researchers said the available samples do not make clear whether customer data is part of the alleged breach. Cybernews has contacted Deutsche Bank for comment and has not yet received a response.

Security researchers cautioned that even a breach confined to employee data could carry real risk, noting that stolen records could be used in phishing campaigns targeting employees, in offline password-cracking attempts, or as a foothold for further intrusion. Internal corporate data of this kind can also help attackers map a company’s digital infrastructure and craft more convincing social engineering attempts against privileged users.

Unsafe runs on a ransomware-as-a-service model and relies on double extortion, encrypting victims’ systems while also threatening to publish stolen data. According to SocRadar, the group exploits zero-day vulnerabilities to bypass security defenses and has deployed malware including GrandCrab and Emotet. Once inside a network, the group disables security controls and erases traces of its activity from compromised systems to maintain access.

Unsafe first appeared in December 2022 and went largely dormant through 2024 and 2025 before resurfacing in 2026. Its most frequently targeted victims have been organizations in the United States, Germany, Switzerland, and France.

The claim adds to a history of security incidents tied to Deutsche Bank. The bank was affected by the 2023 MOVEit file-transfer breach, in which the Cl0p ransomware gang compromised the platform and affected organizations worldwide. That same year, an unidentified hacker offered for sale a cache of files allegedly stolen from Deutsche Bank by the LockBit ransomware gang.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW