UniCredit identifies data breach in Italian client records

UniCredit said on Monday its cyber security team had identified a data breach involving a file created in 2015 and containing approximately 3 million records, all regarding Italian clients.

Italy’s biggest lender by assets said no bank details which would permit access to customer accounts or allow for unauthorized transactions had been compromised.

„The UniCredit cyber security team has identified a data incident involving a file generated in 2015 containing a defined set of approximately 3 million records limited to the Italian perimeter. The records consist of names, city, telephone number and email only. Consequently no other personal data or any bank details permitting access to customer accounts or allowing for unauthorized transactions have been compromised.”, according to a press release.

„UniCredit immediately launched an internal investigation and has informed all the relevant authorities, including the police.The bank is contacting all potentially affected persons exclusively by post and / or online banking notifications.”, the bank said.

Since the 2016 launch of Transform 2019, Unicredit Group has invested an additional 2.4 billion euro in upgrading and strengthening its IT systems and cyber security.

„In June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions. This new process requires a onetime password or biometric identification  further reinforcing its strong security and client protection.”, the bank added.