Deutsche Bank data breach fears rise after ransomware group posts “evidence”
Hackers claim to have breached Deutsche Bank internal systems.

Image by Shutterstock.
- Unsafe ransomware group claims to have breached Deutsche Bank, posting alleged employee database records on a dark web leak site.
- Leaked data reportedly includes employee email addresses, password hashes, physical addresses, and internal database records.
- Stolen employee data could fuel phishing attacks, offline password cracking, and deeper infiltration of Deutsche Bank's infrastructure.
- Unsafe ransomware resurfaced aggressively in 2026 after going quiet, targeting organizations in the US, Germany, Switzerland, and France.
Hackers claim to have breached Deutsche Bank's internal systems, posting what appear to be employee database records as proof of the ransomware leak on a ransomware leak site.
The Unsafe ransomware group has claimed to have breached Deutsche Bank, listing the German banking giant on a dark web leak site.
The alleged attackers posted database extracts as proof of their claims, including terminal output and commands that appear to show exports from multiple databases. The provided screenshots show database queries that call back sensitive employee data.
This may indicate that the data originated from internal Deutsche Bank systems and that attackers may have had access to them.
According to Cybernews researchers, the screenshots contain records associated with Deutsche Bank employees, including:
- Employee email addresses
- Password hashes
- Physical addresses
- Internal database records
“Based on the available samples, it's not possible to determine whether customer data is included in the alleged breach," our researchers explained.
Cybernews has contacted Deutsche Bank for comment and will update this article when the company responds.
What are the risks?
Even if the data breach is limited to employee information, it could still present meaningful security risks.
“The stolen data may be exploited in phishing attacks against the employees, offline password cracking, or could later be used for further compromise,” our team warned.
Internal corporate datasets could easily serve as an initial step toward larger attacks. They can assist cybercriminals in mapping an organization's digital infrastructure and later target privileged users with convincing social engineering.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Deutsche Bank has previously reported data breaches. In 2023, it was a victim of the infamous MOVEit hack, when the Cl0p ransomware gang breached the file transfer platform, affecting organizations globally.
The same year, an unknown hacker offered up a cache of sensitive files, allegedly stolen from Deutsche Bank by the infamous LockBit ransomware gang.
What is known about Unsafe Ransomware?
Unsafe ransomware operates a ransomware-as-a-service business model. Also, part of its tactics is double extortion, where victims are not only encrypted, but also threatened with the release of stolen data.
According to SocRadar, the gang uses zero-day vulnerabilities in various software to bypass security measures. The attackers use a variety of malware, including GrandCrab and Emotet.
Once they gain access, Unsafe impairs security controls and removes indicators from compromised hosts for continued access.
First spotted in December 2022, the gang went largely quiet through 2024 and 2025. However, it has resurfaced with a vengeance in 2026. Among the known victims, organizations in the US, Germany, Switzerland, and France are the most targeted.