Data Leak Allegations

Ransomware Gang Claims to Have Breached Deutsche Bank

Cyberattack, Deutsche Bank cyberattack, Deutsche Bank ranosmware, Deutsche Bank data breach claims, ransomware, Unsafe, Deutsche Bank ransomware attack, Deutsche Bank, Ransomware
Facebook
X
LinkedIn
Reddit
WhatsApp
Source: BalkansCat/Shutterstock.com

Deutsche Bank has surfaced as the latest alleged victim of the ransomware group Unsafe on a well-known dark web leak site. To support its claims, the cybercriminals published screenshots showing command-line interfaces and database queries.

According to the group, the screenshots contain exports from multiple internal databases. Security researchers at Cybernews reviewed the material and say they identified database queries capable of retrieving employee records.

Ad

What Data May Have Been Exposed

Based on the evidence published so far, Cybernews researchers believe the leaked data includes:

  • Employee email addresses
  • Hashed passwords
  • Private home addresses
  • Additional records from internal databases

At this stage, researchers say there is not enough evidence to determine whether customer data was also compromised. The material released so far does not support that conclusion. Deutsche Bank has not yet commented on the alleged incident.

Why the Incident Could Be More Serious Than It Appears

Even if the breach is ultimately limited to employee data, researchers warn that the exposure still represents a significant security risk. Password hashes can potentially be cracked through offline attacks, while email addresses and home addresses can be leveraged for highly targeted phishing campaigns.

Ad

Internal datasets also provide attackers with valuable insight into an organization’s IT environment. This intelligence can help cybercriminals identify privileged accounts and launch more convincing social engineering attacks against key personnel.

Who Is the Unsafe Ransomware Group?

Unsafe operates under the Ransomware-as-a-Service (RaaS) model and relies on a double extortion strategy. In addition to encrypting victims’ systems, the group pressures organizations by threatening to publish stolen data unless a ransom is paid.

According to cybersecurity company SOCRadar, Unsafe gains initial access by exploiting zero-day vulnerabilities and deploying malware families such as GrandCrab and Emotet. Once inside a network, the attackers reportedly disable security controls, erase forensic evidence, and establish persistent access to compromised systems.

Unsafe first emerged in December 2022. After a notably quiet period throughout 2024 and 2025, the ransomware group has returned with significantly increased activity in 2026. Known targets to date include organizations in the United States, Germany, Switzerland, and France.

(lb)

Ad

Artikel zu diesem Thema

Weitere Artikel