July 26, 2017 by

Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts

One of the biggest breaches targeting European banking has occured this year. Italy’s largest bank, UniCredit, experiences breach of 400,000 accounts, and the attack affected hundreds of thousands of customers. The hackers gained access to biographical and loan data of UniCredit’s clients.

The following statement was released by UniCredit:

“A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017”

“No data, such as passwords allowing access to customer accounts or allowing for unauthorized transactions, has been affected, whilst some other personal data and IBAN [account] numbers might have been accessed.”

According to the statement, data of approximately 400,000 customers in Italy is assumed to have been impacted during these the two periods stated above. However, the breach has been just discovered this week. The affected customers include those who have taken out loans from the bank. Fortunately, customer credentials were not stolen, nor was any information that would allow hackers to steal funds.
It is said that the hack might have been conducted by a third-party supplier affiliated with the bank. The bank discovered the breach when they found that users from the third party were looking though client data.

The bank has released an audit and informed the necessary authorities. Those who believe they have been affected were told to call UniCredit’s toll free number 800 323285 or to call their regular branch. The bank will also be reaching out to its affected customers.

UniCredit has also stated they will be investing €2.3 billion into upgrading and strengthening its IT systems. This is the first attack targeting an Italian bank and the second attack UniCredit has experienced this year; it is time Italian banks massively invest into security and cyber defense. With GDPR being enforced next year by the European Union, if an attack were to occur next time UniCredit may not be so lucky. If breaches occur through its third party clients, they will be held responsible and pay large fines.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Former Rutgers Student Pleads Guilty to Creating Mirai Botnet

A former Rutgers university student is among three men who pleaded guilty to creating the dreaded...

Read more arrow_forward

Hackers Invade Safety System of Critical Infrastructure Facility

Hackers, presumed to work for a nation-state, recently hacked a safety system belonging to a...

Read more arrow_forward

New Ransomware ‘Spider’ Threatens Wipeout in 96 Hours

A new strain of ransomware discovered by security researchers encrypts files and gives victims a...

Read more arrow_forward