Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts

One of the biggest breaches targeting European banking has occured this year. Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts, and the attack affected hundreds of thousands of customers. The hackers gained access to biographical and loan data of UniCredit’s clients.

The following statement was released by UniCredit:

“A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017”

“No data, such as passwords allowing access to customer accounts or allowing for unauthorized transactions, has been affected, whilst some other personal data and IBAN [account] numbers might have been accessed.”

According to the statement, data of approximately 400,000 customers in Italy is assumed to have been impacted during these the two periods stated above. However, the breach has been just discovered this week. The affected customers include those who have taken out loans from the bank. Fortunately, customer credentials were not stolen, nor was any information that would allow hackers to steal funds.
It is said that the hack might have been conducted by a third-party supplier affiliated with the bank. The bank discovered the breach when they found that users from the third party were looking though client data.

The bank has released an audit and informed the necessary authorities. Those who believe they have been affected were told to call UniCredit’s toll free number 800 323285 or to call their regular branch. The bank will also be reaching out to its affected customers.

UniCredit has also stated they will be investing €2.3 billion into upgrading and strengthening its IT systems. This is the first attack targeting an Italian bank and the second attack UniCredit has experienced this year; it is time Italian banks massively invest into security and cyber defense. With GDPR being enforced next year by the European Union, if an attack were to occur next time UniCredit may not be so lucky. If breaches occur through its third party clients, they will be held responsible and pay large fines.