A new lawsuit filed in the Supreme Court of the State of New York alleges a significant security breach at Deutsche Bank’s U.S. headquarters and claims a subsequent cover-up and whistleblower retaliation involving major IT contractor Computacenter United States, Inc. (CC), Deutsche Bank Securities, Inc. (DBS), DB USA Corporation, Deutsche Bank AG, and a senior Deutsche Bank executive
Background and Allegations
The plaintiff, James Papa, an experienced information technology (IT) professional, began his employment with Computacenter United States, Inc. in May 2022 as a Service Delivery Manager (SDM). CC, a subsidiary of the London Stock Exchange-listed Computacenter plc (LSE: CCC), operates IT data centers for large corporate clients, including Deutsche Bank (NYSE: DB), one of the world’s largest financial institutions.
According to the complaint, CC had a multi-year, $50 million contract to manage Deutsche Bank’s technology rooms (“Tech Rooms”) at its U.S. headquarters, 1 Columbus Circle, New York.
These Tech Rooms house critical computer servers and databases containing sensitive private banking data for hundreds of thousands of clients and millions of transactions.
Security protocols, including restricted badge access and credential scanning, were in place to protect these assets.
The Security Breach
In March 2023, Papa learned that a CC employee had repeatedly brought an unauthorized individual, identified as “Jenny,” a Chinese national with significant computer expertise-into Deutsche Bank’s headquarters and Tech Rooms.
Notably, Jenny was permitted entry by Deutsche Bank’s security staff, bypassing established protocols prohibiting non-CC employees from accessing these secure areas.
Jenny allegedly accessed a CC laptop connected to Deutsche Bank’s network, raising concerns about potential data breaches and cyber-espionage.
Papa, who supervised the CC team at the site, was made aware of these repeated violations only after they occurred, as they happened during his absence.
Upon discovery, he reported the breach to his superiors at CC, engaging in what is legally defined as protected whistleblower activity under New York State Labor Law § 740 (the Whistleblower Protection Law)1.
Retaliation and Alleged Cover-Up
After reporting the incident, Papa alleges that both CC and Deutsche Bank, including his direct supervisor Marc Senatore (DB Vice President), conspired to retaliate against him.
Instead of investigating or reporting the breach to regulators such as the U.S. Securities and Exchange Commission (SEC)-as required for publicly traded companies- Papa claims the companies sought to suppress the incident to protect their reputations and business interests.
Papa was suspended following a contentious meeting with legal and security representatives from both companies and was ultimately terminated on July 31, 2023.
The complaint asserts that he was made a scapegoat, while neither the employee who brought Jenny nor Jenny herself faced law enforcement or regulatory scrutiny.
No notification was made to the SEC or the Federal Reserve, despite the potential implications for client data security and regulatory compliance.
Legal Claims and Relief Sought
The lawsuit brings multiple causes of action, including:
- Retaliation under New York State Labor Law § 740 against both CC and Deutsche Bank/Senatore.
- Tortious interference with business relationships.
- Negligence in maintaining security protocols.
- Conspiracy to interfere with Papa’s employment relationship.
Papa seeks compensatory and punitive damages totaling at least $24 million, plus attorney’s fees and other relief as the court deems appropriate.
The complaint details that the defendants’ actions were “willful, malicious or wanton,” warranting the maximum penalties under the law.
Technical and Regulatory Implications
The case highlights critical issues in IT security, including the enforcement of access controls, credential management, and the legal obligations of financial institutions under SEC regulations.
The alleged failure to report a breach involving unauthorized network access and potential exposure of sensitive data could have significant consequences under federal cybersecurity and data privacy laws.
As the case proceeds, it is expected to draw attention from regulators, cybersecurity professionals, and corporate governance experts, given the intersection of whistleblower protections, IT security, and financial industry compliance.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=A new lawsuit filed in the Supreme Court of the State of New York alleges a significant security breach at Deutsche Bank’s U.S. headquarters){kind=link}