ING confirms customer data leak, MOVEit fallout


ING Bank confirms to Cybernews that some customer information was accessed by the hackers responsible for a rash of global attacks exploiting the MOVEit file transfer system.

The customer data leak is connected to the breach of a third-party vendor used by the Frankfurt-based arm of the ING Group in Germany, listed as one of the nation’s top five banks.

“We are aware of the recent hacker attack on a service provider with whom we are cooperating in Germany as part of the legal account switching scheme,” said Patrick Herwarth von Bittenfeld, spokesperson for ING Germany.

ADVERTISEMENT

“Unauthorized persons gained access to personal data that the service provider processes for the purpose of switching accounts,” Herwarth von Bittenfeld said.

Majorel, an international third-party bank account switching service provider headquartered in Luxembourg, announced on Monday that they'd been targeted in a recent cyber attack exploiting the MOVEit software system.

The massive MOVEit hacking spree – affecting hundreds of companies worldwide – was carried out by the Russian-linked Cl0p ransomware gang at the end of May.

Herwarth von Bittenfeld said that based on current information, the number of customers affected by the ING leak is in the low thousands.

“A low four-digit number of customers is affected, who in the context of a current account opening with us have used the legal account change assistance,” he said.

“According to current knowledge, only the legal account change assistance ("Gesetzliche Kontowechselhilfe") was affected, but not the account change service (“Kontowechselservice”), which is used much more frequently," Herwarth von Bittenfeld specified.

Majorel third party bank account switching service
International business processes service provider Majorel was targeted in the MOVEit hacks, resulting in customer leaks at ING, Deutsche Bank, Postbank, and Condirect. Image by Shutterstock

Bank account switching is a common automated online practice used by financial institutions in Europe when a customer decides to switch banks – essentially moving their assets, payment accounts, and direct deposits from one bank to another in a single seamless process.

ADVERTISEMENT

The ING data leak "only affects private customers who, when opened a current account with us, used the German legal account change assistance," Herwarth von Bittenfeld reiterated.

“It’s a specific case here in Germany: Banks are legally obliged to support private customers in moving their account from the old to the new bank in a defined generic process,” he further explained.

Three other major European banks using Majorel for their bank switching processes were also impacted and suffered customer data leaks, including Deutsche Bank, Postbank, and Comdirect.

At this time, none of the four banks or the third-party vendor Majorel have been officially named as victims on the Cl0p dark leak site.

ING said any affected customers would be informed by the bank "in writing" about the incident.

The bank’s notice will also provide "safety instructions" for impacted customers to further protect their personal information, as well as "contact options for queries."

“The relevant security vulnerability was closed by the service provider and the relevant data protection and law enforcement authorities were informed about the incident,” Herwarth von Bittenfeld said.

For additional confirmation, Majorel also announced Monday it had immediately patched the MOVEit vulnerability as soon as it was discovered to prevent further security incidents.

MOVEit hack fallout continues

MOVEit Transfer is an American-made software system that allows companies to securely move data between systems, servers, organizations, and employees around the world.

ADVERTISEMENT

The Cl0p ransom group was able to exploit a zero-day vulnerability in the software through SQL database injection, which allowed the gang to access and extract certain information and files from its victim’s database servers.

MOVEit Transfer, file transfer software system
MOVEit Transfer by Progress Software

Cl0p often uses a double extortion ransomware method to carry out its attacks and target its victims.

The threat actors will first hack the victim, encrypt its data and systems, and then demand a ransom fee in exchange for a decryption key.

In double extortion, the hackers attempt to extort more money from the same victim by threatening to publish any sensitive data exfiltrated in the hack.

It's estimated that over 3000 businesses currently use the MOVEit system globally, and that's beside the hundreds of companies who contract third-party services using MOVEit Transfer, making them equally vulnerable to the Cl0p attacks.

Besides Majorel, a prime example of that is Zellis, a popular third-party payroll service provider, which was hacked by exploiting the MOVEit flaw.

The BBC, British Airways, and retailer Boots have all been affected by the Zellis breach.

Other major corporations directly affected by the MOVEit hack include Shell Global, Telos, Sony, PWC, Radisson Hotels, and several US government agencies, prompting the White House to offer a $10 million dollar reward for information leading to the arrest of Cl0p members.

ING Germany, which includes a Wholesale Banking unit, is a subsidiary of ING Group’s global banking network with branches in over 40 countries, according to the ING website.

ADVERTISEMENT