In total around 85,000 customers have had their MasterCard or Visa credit cards exchanged over the past few weeks, with the banks saying it is a purely precautionary measure.
Hackers broke into a weak spot in the security systems of the banks through an accounting firm in western Germany, the Berliner Zeitung reports.
Postbank, Commerbank, and Landesbank Berlin, which owns Berliner Sparkasse, were all affected.
Worst hit was Postbank which has had to exchange 55,000 cards. Sparkasse and Commerzbank have each sent out 15,000 new cards to customers.
A spokesperson for Postbank told The Local that the security risk had hit customers across Germany, but that the measure was a purely precautionary one.
“While the number of 55,000 may sound high, one should remember that we have given out a total of 1.6 million credit cards to our customers,” she said.
Affected customers would be informed by post she said, “but this does not mean that their old cards have been misused.”
Postbank could not confirm whether money had in fact been stolen from any of its customers but said that, in the case that this has taken place “customers would of course be compensated after a careful investigation of their complaint.”
Sparkasse customers received an email which said “We believe that someone has had access to your credit card data. That can for example occur during a payment process.”
But a spokesperson for the bank reassured customers that the exchange of cards was purely a precautionary measure.
“As soon as our early detection mechanisms receive indications [of suspicious activity], threatened cards are blocked and exchanged,” Konstanze Stempel told the Berliner Zeitung.
If individual customers have lost money as a result of the data theft, “the bank will of course compensate them,” Stempel said.
The accounting company which is alleged to have been the target of the attack denied that hackers could have accessed customer details through them, placing the blame instead on a third party which accepts credit cards.
“”That could for example be an online shop or a hotel, in which the payment mechanism was manipulated,” a spokesperson told the Berliner Zeitung.