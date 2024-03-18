DBafin has imposed a fine of 50,000 euros on Deutsche Bank. The reason is the late reporting of a “customer-relevant IT security incident”, in which the bank also provided incorrect information, according to Bafin.

It is said to have been a security gap in customer authentication for online banking. Postbank customers were affected. According to the regulations, banks must inform Bafin if there is a serious operational or security incident in their payment services. Tight deadlines apply. A bank must indicate whether the incident is serious or not after 24 hours at the latest. If it is clear from the outset that the matter is serious, institutions only have four hours to report it.

Online access to Postbank accounts

The IT security vulnerability in question was discovered in June 2023, at a time when Postbank was having major customer service problems. However, there should not be a direct connection with IT data migration. The security gap was also closed immediately after it was discovered.

“Deutsche Bank has accepted a fine from Bafin,” said a Deutsche Bank spokesman.