Deutsche Bank AG has confirmed that a data breach on one of its service providers has exposed customer data. The bank identified the incident as a MOVEit Transfer data breach attack, according to a statement to Bleeping Computer. \n\n\u201cWe have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany,\u201d a Deutsche Bank spokesperson told Bleeping Computer. \n\nMOVEit is a file transfer software by Progress Software.\n\nThe threat actors gained access to the data of thousands of bank customers whose requests to change accounts had been transferred to an external data provider called Majorel Germany, according to Bloomberg. \n\nThe account switching service provider, Majorel Germany, told local German media outlets that it had been the target of a cyberattack. \u201cAs part of a security gap in the MOVEit software, which affects many companies around the world, Majorel Germany has become the target of a hacker attack,\u201d Majorel told the media outlets. \n\nThe exposed data included customer names and account numbers. Deutsche Bank also warned that more than 100 companies in over 40 countries were potentially affected.\n\nLinked to MOVEit software exploit\n\nWhile targeting Majorel Germany, threat actors took advantage of an SQL injection vulnerability found in the MOVEit software to gain access to the data. The vulnerability had been exploited before the company sent out a notification about it on May 31. Customers of the software were advised to check for indicators of unauthorized access over at least the prior 30 days.\n\nAs of May 31, there were about 2,500 instances of MOVEit Transfer exposed to the public internet, the majority of which seemed to be in the US. The attacks have been linked to the Russia-based Clop ransomware gang.\u00a0\n\n\u201cThe attack took place before the software\u2019s vulnerability became public and only affected a single system running MOVEit software in Germany,\u201d the bank said in the statement, adding that Deutsche Bank\u2019s systems were unaffected.\u00a0\n\nOther German banks were also affected\n\nThe data leak at the account switching service provider has also affected Postbank, Comdirect and ING, according to German news outlet Handelsblatt.\n\n\u201cAccording to the current state of knowledge, a low four-digit number of customers who have used the statutory account switching assistance when opening a current account with us are affected,\u201d ING told the publication. \n\nWhile Commerzbank confirmed that customers of its Comdirect brand were affected by the data leak. \n\nLast month, the personal data of over 45,000 public school students was compromised in a breach involving MOVEit, according to the New York City Department of Education. The data impacted included Social Security numbers and employee ID numbers.\n\nTwo arms of the US Department of Energy (DOE), the US Department of Agriculture and the Office of Personnel Management, have also been targeted by the attacks. Meanwhile, the US State Department\u2019s Rewards for Justice program has announced up to a $10 million bounty for information that can be proof to link the Clop ransomware attacks to a foreign government.