Joint communication by Deutsche Leasing USA, Inc. & Deutsche Leasing Canada, Corp. (collectively DLNA) and other group companies in foreign countries (in the following jointly referred to as "Deutsche Leasing") pursuant to Art. 34 (3) lit. c of the General Data Protection Regulation
Cyber attack on 3 June 2023 – what happened?
As previously published on this site, Deutsche Leasing detected a cyber attack on parts of its IT systems on 3 June 2023. The company reacted instantly and followed the contingency plan, shut down access to the systems and involved or informed all relevant (investigative) authorities. Together with external IT forensic experts and IT security consultants, Deutsche Leasing then worked on analysing the attack and securing evidence. Having completed the IT forensic analysis, Deutsche Leasing has now successfully put its IT systems, applications and IT interfaces with customers and partners back into operation.
Data theft detected
IT forensic analysis revealed that individual servers and data were accessed in the course of the cyber attack despite immediate countermeasures. Neither the IT systems required for the performance of our business processes nor the essential employee, customer and partner data stored on them were compromised.
In the interim, the company’s own monitoring systems have detected the publication of Deutsche Leasing documents on the Darknet. The documents contain personal data. Deutsche Leasing has promptly notified the natural persons concerned.
Although there is currently no evidence that further personal data has been affected by the cyber attack in Germany and the publication, we cannot rule this out with certainty. For this reason, Deutsche Leasing is now informing any parties that may be affected by means of this announcement on its corporate website.
Additionally and noteworthy, the local file servers at DLNA have seen no evidence of intrusion or compromise, so in general our colleagues, partners, customers, etc. are not impacted.
Which data subjects and which data might be affected?
The data subjects and personal data that could potentially be affected may include employees or former employees of refinancing partner institutions, customers and prospective customers, guarantors, manufacturers, dealers, service providers, suppliers or beneficial owners with e.g. name and business contact details as well as identification numbers (copy of identity card or passport, tax ID and financial information in case of guarantors.
It also may include former employees, external employees or committee members with e.g. name, address, date and place of birth, curriculum vitae, “sensitive” data such as account or bank data, identification numbers (copy of identity card or passport, tax ID) as well as communication data (e.g. e-mails) or data pursuant to Art. 9 GDPR (e.g. data concerning health)
Which potential risks do you face as a result of the incident?
Given the usual conduct of such attacker groups, it cannot be ruled out that further personal data will be published and that control over the personal data concerned may be lost. In individual cases, it is also possible that data subjects may receive more spam mails or unsolicited advertising calls in the future. There may also be a risk of criminal use of the data, e.g. in the form of identity theft or similar activities.
What steps can you take to mitigate or avoid negative consequences resulting from the incident?
Deutsche Leasing kindly asks you to remain vigilant with regard to the security of your personal data. If you notice any unusual or suspicious activities (such as unusual account movements, increased volume of suspicious emails), please step up your own IT security measures right away. This includes immediately changing passwords you have used for a long time, consistently using more complex and hence more secure access codes or setting up 2-factor authentication for bank and social media accounts, as well as monitoring your own bank account for suspicious account activity.
What steps has Deutsche Leasing taken to mitigate or avoid negative consequences resulting from the incident?
Since 3 June 2023, Deutsche Leasing has been working closely with IT security experts and has commissioned a service provider to screen the Darknet and detect any data releases by the attacker group as soon as they occur. In addition, Deutsche Leasing has reported the incident to the relevant authorities within the applicable deadlines and has agreed the procedure for publishing the incident on its website.
Deutsche Leasing apologises for any inconvenience that the current development may cause to any individuals who may be affected.
Contact:
If you have any questions regarding the incident, please email us at nadataprivacyrequest@deutsche-leasing.com.