UniCredit, Italy’s largest bank, has revealed the size and scope of a 2015 data breach that saw private information of up to 3 million customers accessed by hackers.
Reuters is reporting that “the lender, which said the latest breach related to a 2015 file containing emails and phone numbers of millions of Italian clients, has spent 2.4 billion euros since 2016 to upgrade its IT systems and boost cybersecurity.”
The bank says it has launched an internal investigation into the breach, informing the relevant authorities and law enforcement, and customers impacted by the breach will be notified by post or their online banking service. In the wake of the attack, the bank is expected to release a revised business plan to investors in early December.
"Since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity," UniCredit
Reports state that the first evidence of the incident arose last week, and confirmed over the weekend.
In a statement, UniCredit said that "since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity," UniCredit says. "Customer data safety and security is UniCredit's top priority and in June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions."
ZDnet is reporting that “this is not the first time UniCredit has faced a data breach incident. In July 2017, the bank said it had become a victim of data theft due to a third-party provider accessing Italian customer data without consent or authorization.”
“Two separate breaches occurred; one between September and October 2016, and another between June and July 2017. Information belonging to approximately 400,000 Italian customers was impacted, including PII and IBAN numbers,” the report says.