The ransomware group "Unsafe" has listed Deutsche Bank on its darknet site and claims to have stolen around 5.5 gigabytes of internal data. The incident is making waves, but the full extent remains unclear.
What happened?
According to reports from Cybernews and DSGVO-Portal, the group published its listing on July 4, 2026. Deutsche Bank was given until July 15, 2026 to make contact. A screenshot of the darknet post states that the attackers obtained files from all of the bank's servers.
As supposed proof, screenshots of database exports were published allegedly containing:
- Employee email addresses
- Password hashes
- Physical addresses
- Internal database entries
What does Deutsche Bank say?
A spokesperson confirmed to Security-Insider that a security incident did occur, but clarified it was not at Deutsche Bank itself. Instead, the breach affected an external service provider operating a marketing and incentive platform for sales partners.
"There are no indications that internal systems or networks of Deutsche Bank were or are affected," the statement reads. The bank says it is investigating the matter with the service provider and continuing its risk mitigation measures.
What should you do?
This is not an all-clear yet. Deutsche Bank customers should stay alert for phishing attempts that could exploit stolen contact data. Suspicious emails asking for login credentials should simply be ignored.