German Bank Loses €1.5 Million in Mysterious Cashout of EMV Cards


German Bank Loses €1.5 Million in Mysterious Cashout of EMV Cards (Sep 3, 2019)

A financially-motivated threat group, believed to be located in Brazil, conducted fraudulent transfers utilizing cloned debit cards to steal approximately €1.5 million ($1.65 million USD). The funds were stolen from cardholder accounts of 2,000 customers of the Germany-based bank Oldenburgische Landesbank AG (OLB). The threat group, which is still unknown as of this writing, only utilized cloned Mastercard debit cards in the theft. This prompted some security researchers to wonder what the cause of solely using Mastercard debit cards, which employed chip and pin technology, may imply from a security perspective. OLB has stated that this incident was the result of “organized cybercrime involving counterfeit cards and terminals” and that a security breach did not occur and that all customers were refunded their lost funds.

Recommendation: While some details regarding this incident has yet to be reported on in public sources, it can serve as a reminder that financially-motivated threat groups are constantly looking for new ways to make an illicit profit. Sometimes threat actors utilize Personally Identifiable Information (PII) and financial data from previous breaches or data leaks to create fraudulent credit and debit cards. Therefore, it is important to consider some type of identity theft protection service because so many significant data breaches have taken place to err on the side of caution.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.