July 26, 2017 by

Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts

One of the biggest breaches targeting European banking has occured this year. Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts, and the attack affected hundreds of thousands of customers. The hackers gained access to biographical and loan data of UniCredit’s clients.

The following statement was released by UniCredit:

“A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017”

“No data, such as passwords allowing access to customer accounts or allowing for unauthorized transactions, has been affected, whilst some other personal data and IBAN [account] numbers might have been accessed.”

According to the statement, data of approximately 400,000 customers in Italy is assumed to have been impacted during these the two periods stated above. However, the breach has been just discovered this week. The affected customers include those who have taken out loans from the bank. Fortunately, customer credentials were not stolen, nor was any information that would allow hackers to steal funds.
It is said that the hack might have been conducted by a third-party supplier affiliated with the bank. The bank discovered the breach when they found that users from the third party were looking though client data.

The bank has released an audit and informed the necessary authorities. Those who believe they have been affected were told to call UniCredit’s toll free number 800 323285 or to call their regular branch. The bank will also be reaching out to its affected customers.

UniCredit has also stated they will be investing €2.3 billion into upgrading and strengthening its IT systems. This is the first attack targeting an Italian bank and the second attack UniCredit has experienced this year; it is time Italian banks massively invest into security and cyber defense. With GDPR being enforced next year by the European Union, if an attack were to occur next time UniCredit may not be so lucky. If breaches occur through its third party clients, they will be held responsible and pay large fines.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Netflix Launches Public Bug Bounty Program

Streaming giant Netflix has announced the launch of a public bug bounty program designed to allow...

Read more arrow_forward

15-Year-Old Hacks Ledger Hardware Cryptocurrency Wallet

A teenage hacker has discovered a flaw in Ledger, a popular hardware wallet that could essentially...

Read more arrow_forward

Expedia’s Orbitz: 880,000 Payment Cards Struck by Data Breach

Orbitz, a subsidiary of online travel giant Expedia has revealed a data breach wherein hackers may...

Read more arrow_forward