UniCredit confirms data breach

UniCredit has announced that it has been the victim of a security breach in Italy due to unauthorised access through a third party provider to Italian customer data related to personal loans.

A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017. Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods.

UniCredit has confirmed that no data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected; however some other personal data and IBAN numbers may have been accessed.

UniCredit has launched an audit and has informed all the relevant authorities. UniCredit will also file a claim with the Milan Prosecutor's office. The bank has also taken immediate remedial action to close this breach.

In a statement, the Italian financial group said: “Customer data safety and security is UniCredit's top priority and as part of Transform 2019, UniCredit is investing €2.3 billion in upgrading and strengthening its IT systems.

The news follows an announcement last year that the firm would cut a further 6,500 jobs at the same time as investing billions of euros in digitisation as part of its new three year strategic plan.

The bank said it will be updating its core systems and investing in its IT operations, while closing hundreds of branches across Europe. The measures have been introduced to generate €1.7 net annual recurring cost savings from 2019.

Related Articles