Data Breaches Affect 400,000 Customers of Italy’s Largest Bank
Massive data breaches that have hit UniCredit, Italy’s largest bank, have reportedly affected 400,000 customers.
A press release by UniCredit says that it has been “…the victim of a security breach in Italy due to unauthorised access through an Italian third party provider to Italian customer data related to personal loans only.”
As per reports, it’s two breaches that happened one after the other that has put at risk the data pertaining to loan accounts belonging to 400,000 customers of the bank. The first data breach happened in 2016 while the second data breach has happened recently.
The UniCredit press release says- “A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017. Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods.”
UniCredit, however, has stated that it’s just some personal data and IBAN numbers that could have been compromised- “No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected, whilst some other personal data and IBAN numbers might have been accessed.”
Following detection of the data breaches, UniCredit first sought to pass on the intimation to all customers. In addition to posting a detailed press release, the bank also took to Twitter to inform international customers about the incident and also to pass on them a telephone number which could help them find out if they have been affected. UniCredit has also launched an audit, in addition to informing the authorities. Remedial actions have also been initiated. UniCredit’s press release, dated 26 July 2017, says- “UniCredit has launched an audit and has informed all the relevant authorities. In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.” UniCredit has also informed that it would from its side be contacting affected customers “through specific channels, not including email or phone calls”.
Reports suggest that UniCredit shares have fallen about 0.9% to 1% following the disclosure of the hack.
Banks all over have been attacked in recent years; data breaches that hit banks and financial firms are becoming more and more sophisticated. The financial losses involved in such data breaches are also mounting. In addition to carrying out data breaches, hackers also plan and execute denial-of-service attacks, which would block access to online banking service and cause much loss for the banks plus difficulties for the customers.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.