Bottom line: The ransomware group Unsafe claims to have breached Deutsche Bank and stolen employee data including email addresses, hashed passwords, and private home addresses.
The extortion group Unsafe has presented Deutsche Bank as a new victim on its darknet platform and published screenshots of database queries. Cybersecurity analysts from Cybernews have identified access to employee data in these images.
The extortion group Unsafe has published screenshots of command lines and database queries allegedly sourced from multiple internal databases of Deutsche Bank. Cybernews analysts examined the images and identified database queries that provide access to employee data. According to security researchers, the visible excerpts so far contain employee email addresses, hashed passwords, private home addresses, and additional entries from internal systems.
Based on the published material, it is currently not possible to verify whether customer data has also been compromised alongside employee data. Cybernews researchers are unwilling to make a firm statement on this. Deutsche Bank has not yet commented on the incident.
For a CISO, data leakage limited to employee data still presents a significant risk: hashed passwords can be attacked offline, email addresses and home addresses serve as the basis for targeted phishing campaigns. Such internal datasets also enable attackers to analyze an organization’s IT landscape and subsequently compromise privileged accounts through social engineering.
Unsafe operates according to the ransomware-as-a-service model and employs double extortion: target organizations are confronted with encrypted systems while simultaneously being threatened with the publication of stolen data. According to SocRadar, the group uses zero-day vulnerabilities for initial access and deploys malware such as GrandCrab and Emotet. After successfully breaching a system, the perpetrators deliberately disable security mechanisms and eliminate traces to secure persistent access.
Unsafe has been active since December 2022. After a quieter period in 2024 and 2025, the group has shown significantly increased activity since 2026. Known target countries are the USA, Germany, Switzerland, and France.
Source: www.it-daily.net · Published July 8, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.