preloader

· security digital-security europe ransomware gdpr compliance supply-chain finance

Deutsche Bank Lands on a Ransomware Leak Site Because a German Marketing Vendor Got Breached

Source: Cybernews / Computing.co.uk

The ransomware group Unsafe added Deutsche Bank to its dark web leak site on July 4, 2026, publishing screenshots it claims show database extracts, terminal commands, and internal records containing employee information. By July 10, follow-up reporting had confirmed the shape of what actually happened, and it is a now-familiar story: the breach did not occur inside Deutsche Bank’s own network. It occurred at a third-party company in Germany that operates a marketing and incentive platform for the bank’s sales partners. Deutsche Bank’s statement was direct: “There is no indication that Deutsche Bank’s internal systems or networks were or are affected by the incident. There is also no evidence of unauthorized access to Deutsche Bank’s network.”

The data is still real, even if the network boundary held

Researchers reviewing the published samples told Cybernews the material appears to include employee email addresses, password hashes, physical addresses, and internal database records, and that it plausibly relates to Deutsche Bank staff, though they could not confirm whether customer data was also exposed. For the employees involved, whether the breach technically occurred inside Deutsche Bank’s firewall or inside a vendor’s is not a meaningful distinction. Password hashes and physical addresses tied to a named financial institution’s staff are exactly the raw material used for targeted phishing, credential stuffing, and physical social engineering against high-value individuals.

Unsafe itself is not a new actor. The group first appeared in 2022, scaled back or paused through 2024, and resurfaced with renewed activity in December 2025, operating a standard ransomware-as-a-service model where affiliates deploy the malware and share ransom proceeds, with double extortion, encryption plus a threat to publish, as the default playbook.

Why this is the exact scenario DORA was built for

The EU’s Digital Operational Resilience Act became fully applicable in January 2025 specifically to close this gap: financial institutions are required to manage and monitor the cyber risk introduced by their third-party ICT suppliers, not just their own infrastructure. A marketing and incentive platform for sales partners is a textbook example of the kind of vendor that sits outside a bank’s core systems, handles real employee and business data, and historically received far less security scrutiny than the bank’s own network. This incident is functionally a live test of whether Deutsche Bank’s third-party risk programme, and by extension every large financial institution’s DORA compliance work, actually catches this category of exposure before an attacker does.

What this means if you supply, or rely on, a financial institution

If your business operates any platform that touches a bank’s employee or partner data, marketing, incentive, HR, expense, or scheduling tools included, assume you are now inside the blast radius of your client’s regulatory obligations, not just your own. If you are the financial institution, this is a prompt to inventory every third-party vendor with access to staff data and confirm each one meets the same security bar you would apply internally, not the bar they happened to arrive with.

If you need help mapping your third-party vendor risk, reviewing a supplier’s security posture before or after onboarding, or building the kind of DORA-aligned oversight programme that turns “our vendor got breached” from a crisis into a contained incident, contact Excello Digital. We help financial and regulated businesses close the gap between their own security and their suppliers'.

These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

We’ll help you resolve your infrastructure challenges

Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.

Get in touch!