Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

Major German bank says a third-party may have been hit following claims of ransomware attack

Threat actors have claimed a cyber attack on a major German bank, a claim that the financial institution has denied.

Wed, 15 Jul 2026
Major German bank says a third-party may have been hit following claims of ransomware attack

As reported by CyberNews, Deutsche Bank’s systems were allegedly breached by the Unsafe ransomware gang after the group listed the bank on its dark web leak site.

Within the listing were screenshots that included queries that can call back employee data, terminal output and commands that show exports of databases.

The allegedly stolen data in the screenshots contains employee email addresses, physical addresses, internal database records and password hashes.

 
 

Speaking with multiple media outlets, Deutsche Bank says that there is no indication that a breach occurred of its own network, and said that it was notified of a third-party incident impacting an external service provider in Germany.

“There is no indication that Deutsche Bank's internal systems or networks were or are affected by the incident. There is also no evidence of unauthorized access to Deutsche Bank's network,” the spokesperson said.

The bank also said it was working with the third-party provider on the alleged incident and was working to "minimize potential cyber risks."

Who is Unsafe ransomware?

Unsafe ransomware group is a relatively unknown player in the cyber crime space, with mixed records of incidents.

According to ransomware.live, the threat actor first appeared in late 2022, and has launched cyber attacks sporadically since. Having been quiet for most of 2024 and all of 2025.

The group reportedly has 16 victims to date, most of which are based in the US, followed by Germany.

Ransomware.live also suggest that the group seems to recycle leaks from other threat actors rather than being behind some of its cyber incidents.

According to the group’s about page, Unsafe claims to be a penetration tester and security researcher that does not support illegal activity, a claim made by most cyber criminals.

“Hello, I'm a cybersecurity engineer who does penetration testing and security research. This blog shares findings from authorized tests and research meant to help people and organizations fix security problems,” the page reads.

“The posts are for learning and defense. They are not meant to teach or encourage illegal activity.

“I am not a cyber criminal. My intent is to promote cybersecurity and help make systems safer. I test systems to help owners find and fix weaknesses.”

The threat actor also attempts to distance itself from any illegal activity, saying they are not responsible for the use of the data it posts, cannot guarantee accuracy and does not take responsibility for damages and loss as a result.

“If you own a system that might be affected or want a professional audit, contact me and we’ll arrange an authorized lawful test,” the threat actor adds, despite the fact that the testing is not lawful or authorised.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.