Joint communication by Deutsche Leasing Bulgaria EAD (“DLB”) and other group companies in foreign countries (in the following jointly referred to as "Deutsche Leasing") pursuant to Art. 34 (3) lit. c of the General Data Protection Regulation
Cyber-attack on 3 June 2023 – what happened?
As previously published on this site, on 3 June 2023 Deutsche Leasing detected a cyber-attack on parts of the IT systems of the group's central IT services provider. The company reacted instantly, followed the contingency plan, shut down access to the systems and involved or informed all relevant (investigative) authorities. Together with external IT forensic experts and IT security consultants, Deutsche Leasing then worked on analysing the attack and securing evidence. Having completed the IT forensic analysis, Deutsche Leasing has now successfully put its IT systems, applications and IT interfaces with customers and partners back into operation.
Data theft detected
IT forensic analysis revealed that, despite immediate countermeasures, individual servers and data of some companies from the group were accessed in the course of the cyber-attack. Neither the IT systems required for the performance of our business processes nor the essential employee, customer and partner data stored were compromised.
In the interim, monitoring systems have detected the publication on the Darknet of documents related to some foreign companies from the Deutsche Leasing group (not of DLB). The documents contain personal data. Relevant Deutsche Leasing controllers have promptly notified the natural persons concerned.
Although there is currently no evidence that further personal data has been affected by the cyber-attack and the publication, we cannot rule this out with certainty. For this reason, Deutsche Leasing is now informing any parties that may be affected by means of this announcement on its corporate website.
Which data subjects and which data might be affected?
The data subjects potentially affected may include individuals acting as employees or representatives of customers, guarantors, manufacturers, dealers, service providers, suppliers or beneficial owners, with personal data such as name and business contact details, as well as identification numbers (of identity card, passport, personal tax ID) and financial information in the case of individual guarantors or customers.
They may also include the company’s former employees and external employees, with data such as name, address, date and place of birth, curriculum vitae, “sensitive” data such as account or bank data, identification numbers (of identity card or passport, personal tax ID) as well as communication data (e.g. e-mails) or data pursuant to Art. 9 GDPR (e.g. data concerning health in connection with the employment relationship).
Which potential risks do you face as a result of the incident?
Given the usual conduct of such attacker groups, it cannot be ruled out that further personal data will be published and that control over the personal data concerned may be lost. In individual cases, it is also possible that data subjects may receive more spam mails or unsolicited advertising calls in the future. There may also be a risk of criminal use of the data, e.g. in the form of identity theft or similar activities.
What steps can you take to mitigate or avoid negative consequences resulting from the incident?
Deutsche Leasing kindly asks you to remain vigilant with regard to the security of your personal data. If you notice any unusual or suspicious activities (such as unusual account movements or an increased volume of suspicious emails), please step up your own IT security measures right away. This includes immediately changing passwords you have used for a long time, consistently using more complex and hence more secure access codes or setting up 2-factor authentication for bank and social media accounts, as well as monitoring your own bank account for suspicious account activity.
What steps has Deutsche Leasing taken to mitigate or avoid negative consequences resulting from the incident?
Since 3 June 2023, Deutsche Leasing has been working closely with IT security experts and has commissioned a service provider to screen the Darknet and detect any data releases by the attacker group as soon as they occur. In addition, Deutsche Leasing has reported the incident to the relevant authorities within the applicable deadlines.
Deutsche Leasing apologises for any inconvenience that the current development may cause to any individuals who may be affected.
If you have any questions regarding the incident, please email us at firstname.lastname@example.org.