Hackers claim Germany’s second-largest bank subsidiary - the company denies


A ransomware gang has claimed it breached a subsidiary of Germany's second-largest bank and is threatening to release stolen data, but the bank denies any attack took place.

Everest Group, the cybercriminal gang behind the alleged ransomware attack, has listed the German company as a victim on its leak site on the dark web.

EasyCredit.de is one of the financial products of Team Bank, a German cooperative financing group and subsidiary of DZ BANK. Team Bank claims to have over a million clients and a loan installment portfolio of nearly 10 billion euros.

Leak site on dark web.

Ransomware gangs often list victims on their dark web leak sites to pressure organizations into paying a ransom or facing a damaging leak of stolen data. At the time of writing, the countdown is set to six days before the data allegedly belonging to EasyCredit will be released.

The attackers claim to have internal company documents containing a “huge variety of personal documents and information of clients.”

The ransomware gang hasn’t disclosed the size of the data set nor the number of individuals potentially affected.

Cybernews researchers looked at data samples released with the listing, and the documents seem to include personally identifying information (PII):

  • Full name
  • CID, which potentially stands for customer ID
  • Address
  • Postal code
  • Gender
  • Telephone number

“This kind of leak leaves a huge impact on the victims because their data could be doxxed or used for identity theft, personally targeted social engineering attacks that could cause financial losses,” said Cybernews researchers.

Cybernews contacted the company for confirmation. A Team Bank spokesperson said in an emailed statement in German that their security team had investigated and found no unauthorized access to user data. "Third parties did not gain access to our customers' personal data; this constitutes an attempted deception. We are filing a criminal complaint," said the spokesperson.

Leaked data sample

Who is the Everest Group?

The Russian-linked Everest gang first emerged on the scene in July 2021. In July, the group claimed Mailchimp, the popular email marketing platform, along with a cache of “internal company documents.” However, some security insiders are referring to the cache as “breadcrumbs.”

Everest, which is believed to be connected to the BlackByte ransomware group, set its sights on Coca-Cola’s Middle East division on May 22nd, eventually leaking the data of nearly 1,000 employees from the company’s multiple distribution centers scattered throughout the region.

Seemingly part of a broader attack on Coca-Cola Europacific Partners, the world’s largest Coca-Cola bottler, the ransomware group also reportedly made away with an alleged 23 million records.

On May 26th, just days after the attack on Coca-Cola, Everest claimed the prominent international private hospital Mediclinic, which has locations in the UAE; the Abu Dhabi Department of Culture and Tourism; and the Jordan Kuwait Bank (JKB).

The gang was also behind the October 2022 attack on AT&T, in which it offered alleged access to the entire AT&T corporate network, and the attack on the Radisson Country Inn and Suites hotel chain in fall 2024.

Updated on September 9th [01:37 p.m. GMT] with a statement from the company.
