Yesterday, this site reported that the DoppelPaymer ransomware attackers had claimed to have attacked CD Bank, the online part of TBK Bank in Texas. The hackers uploaded what they claimed as proof of the hack and exfiltration. Unable to get a response from CD Bank for two days, DataBreaches.net reported the attackers’ claims, uploaded redacted screenshots of the claimed proof, and sent an inquiry to TBK Bank.
This morning, DataBreaches received the following statement from TBK Bank:
Reports that CD Bank has been a target of ransomware are false. Our Information Security team and our core provider have conducted a thorough review and have found no evidence that CD Bank was compromised. The evidentiary documents are unrelated to CD Bank or any of its related entities.
Although DataBreaches.net correctly identified the situation as being the attackers’ claims that had not been confirmed or refuted, in light of TBK’s statement, DataBreaches.net apologizes to TBK Bank and CD Bank if they were not the victims. Hopefully, we’ll find out more about who the victim really was. I hope the DoppelPaymer will contact this site with a statement or more proof.
Update: The hackers have now updated their leaks site to change the victim’s name and url to Community Development Bank.
That attribution is consistent with what I found when I pursued digging into the erroneous identification, and although that bank has not yet returned my call and voicemail message, Doppel has commented under this post confirming that it was an error that they have corrected.