Communication by Deutsche Leasing (UK) Limited, as the controller of relevant personal data, pursuant to Art. 34(3) of the General Data Protection Regulation. Deutsche Leasing (UK) Limited, Deutsche Leasing AG, Deutsche Sparkassen Leasing AG & Co. KG, Deutsche Leasing Insurance Services GmbH and Deutsche Leasing Finance GmbH are together referred to as ("Deutsche Leasing") in the following.
Cyber attack on 3 June 2023 – what happened?
As previously published on the Deutsche Leasing global site, Deutsche Leasing detected a cyber attack on parts of its IT systems on 3 June 2023. The company reacted instantly and followed the contingency plan, shut down access to the systems and involved or informed all relevant (investigative) authorities. Together with external IT forensic experts and IT security consultants, Deutsche Leasing then worked on analysing the attack and securing evidence. Having completed the IT forensic analysis, Deutsche Leasing has now successfully put its IT systems, applications and IT interfaces with customers and partners back into operation.
Data access and associated threat detected.
IT forensic analysis revealed that individual servers and data were accessed in the course of the cyber attack despite immediate countermeasures. Neither the IT systems required for the performance of our business processes nor the essential employee, customer and partner data stored on them were compromised.
In the interim, the company’s own monitoring systems have detected the publication of Deutsche Leasing documents on the internet. The documents contain personal data. Based on information known at this point, Deutsche Leasing has promptly notified the natural persons who were directly concerned.
Although there is currently no evidence that further personal data has been affected by the cyber attack and the publication, we cannot rule this out with certainty. For this reason, Deutsche Leasing relevant entities are now informing any parties that may be affected by means of this announcement on its corporate website.
Which data subjects and which data might be affected?
The data subjects and personal data of which Deutsche Leasing (UK) Limited is controller that could potentially be affected may include:
Which potential risks do you face as a result of the incident?
Given the usual conduct of such attacker groups, it cannot be ruled out that further personal data will be published. In particular, there is a risk that control over the personal data concerned may be lost. In individual cases, it is also possible that data subjects may receive spam mails or unsolicited advertising calls in the future. There may also be a risk of criminal use of the data, e.g. in the form of identity theft or similar activities.
What steps can you take to mitigate or avoid negative consequences resulting from the incident?
Deutsche Leasing (UK) Limited recommends that you to remain vigilant with regard to the security of your personal data. If you notice any unusual or suspicious activities (such as unusual account movements, increased volume of suspicious emails), we would recommend increasing your own IT security measures right away. This includes immediately changing passwords you have used for a long time, consistently using more complex and hence more secure access codes or setting up 2-factor authentication for bank and social media accounts, as well as monitoring your own bank account for suspicious account activity.
What steps has Deutsche Leasing taken to mitigate or avoid negative consequences resulting from the incident?
Since 3 June 2023, Deutsche Leasing has been working closely with IT security experts and has commissioned a service provider to screen relevant parts of the internet and detect any data releases by the attacker group as soon as they occur. Deutsche Leasing (UK) Limited has reported the incident to the Information Commissioner’s Office. In addition, Deutsche Leasing has reported the incident to the Commissioner for Data Protection and Freedom of Information of the State of Hesse within the applicable deadlines.
Deutsche Leasing (UK) Limited apologises for any inconvenience that the current development may cause to any individuals who may be affected.
Contact:
If you have any questions regarding the incident, please email us at ukdataprivacyrequest@deutsche-leasing.com.
