Italian banking group UniCredit has uncovered a data breach involving the personal records of 3 million domestic clients. This is the third security incident at Italy’s top bank in recent years.
UniCredit has said that the latest breach relates to a 2015 file containing emails and phone numbers of millions of Italian clients. The bank claims to have spent €2.4 billion since 2016 to upgrade its IT systems and boost cyber security. UniCredit is due to present a new business plan in early December.
In a statement, UniCredit has said that the compromised records contained no details that would allow access to customer accounts or for unauthorised transactions to be carried out. The bank is contacting customers who might be affected by post or via online banking notifications. An internal investigation is ongoing. According to a spokesman for UniCredit, no details could be disclosed on how the breach happened.
Initial evidence of the incident emerged last Thursday. The breach was confirmed at the weekend, prompting UniCredit to inform all relevant authorities including the police.
Separately, Italian police have announced that they are carrying out checks in relation to unauthorised access to the UniCredit file to see if any crimes had been committed.
In recent years, UniCredit has been victim two separate suspected hacker attacks, one of which took place in September-October 2016 the other in June-July 2017. These attacks affected approximately 400,000 Italian customers. Those attacks were carried out via an external commercial partner which UniCredit did not identify. This latest incident does not appear to be related to the earlier episodes.
Shares in UniCredit were down 0.4% by 1211 GMT on Monday.