Italy’s UniCredit confirmed that personal financial data of some 400,000 customers who took out loans through the bank have been unlawfully acquired a number of unauthorised third parties.
The breach is blamed on a third party provider of customer reference data. The first breach seems to have occurred in September and October 2016 with a second breach occurring in June and July 2017.
The bank issued a statement saying “Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods,” no data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected, whilst some other personal data and Iban numbers might have been accessed.”
UniCredit has launched an audit and intends to file a claim with the Milan Prosecutor’s office.
A bank spokesperson said: “Customer data safety and security is UniCredit’s top priority and as part of Transform 2019, we are investing 2.3 billion euro in upgrading and strengthening its IT systems.”