Italy’s UniCredit Reveals Massive Data Breach Involving 400,000 Bank Accounts

By and Edward Robinson | July 26, 2017

UniCredit SpA said hackers accessed about 400,000 client bank accounts in Italy, taking biographical and loan data in one of the biggest breaches in Europe to date.

The breaches occurred in September and October of 2016 and June to July of this year, the bank said on Wednesday in an emailed statement. Unauthorized access through an Italian third party provider gave access to some customer data related to personal loans, with the lender saying IBAN numbers and other personal data may also have been accessed.

Banks are boosting cyber-defense budgets and hiring former intelligence and law enforcement officials to build up defenses against hackers as lenders open their networks to connect with new money-management apps and other fintech offerings. In the UK, banks such as Barclays Plc and HSBC Holdings Plc have joined forces with law enforcement in a unit called the Cyber Defence Alliance.

Prominent hacker attacks such as WannaCry in May and Petya in June that penetrated 80 Ukrainian banks, government agencies and multinational firms such as shipping giant A.P. Moller-Maersk AS have raised awareness of the vulnerability of some companies.

“There aren’t material damages for the bank and its clients from these attacks,” Daniele Tonella, CEO of UniCredit Business Integrated Solutions, the IT unit of the bank, said in a phone interview. “No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected,” he said.

The breach involved customers with financing and consumer-credit loans with UniCredit, said Tonella. The bank’s IT department discovered anomalies while conducting checks, finding that some users from an external commercial partner were accessing client data. UniCredit, immediately blocked the intruders, closed the breaches and upgraded the system, he said.

UniCredit, which is investing 2.3 billion euros ($2.7 billion) in upgrading and strengthening its IT systems, has started an audit and will file a report with the Milan prosecutor, it said. The bank’s IT investments include the strengthening of infrastructure through digitalization activities, technological development of core systems and the continuous updating of the infrastructure, while ensuring compliance with regulatory requirements.

Was this article valuable?

Here are more articles you may enjoy.