UniCredit says 400,000 accounts hacked, exposing biographical and loan data
Milan, Italy - UniCredit SpA said hackers accessed about 400,000 client bank accounts in Italy, taking biographical and loan data in one of the biggest breaches in Europe to date.
The incidents occurred in September and October of 2016 and June to July of this year, the bank said on Wednesday in an emailed statement.
Unauthorised access to some customer data related to personal loans was gained through an Italian third-party provider, with the lender saying IBAN numbers and other personal data may also have been reached. A spokesman declined to identify the third party involved.
The most recent attacks were detected between Monday and Tuesday and led to the discovery of the incidents that took place last year, two people familiar with the matter said, asking not to be identified.
“This is the first attack targeting an Italian bank and confirms that IT systems, particularly in Italy, need massive investment to avoid a loss of confidence,” said Francesco Confuorti, chief executive officer of Advantage Financial SA, a Milan-based investment firm.
The breach at UniCredit involved customers with financing and consumer-credit loans, Daniele Tonella, CEO of UniCredit Business Integrated Solutions, the IT unit of the bank, said in a phone interview.
The bank’s IT department discovered anomalies while conducting checks, finding that some users from an external commercial partner were accessing client data. UniCredit immediately blocked the intruders, closed the breaches and upgraded the system, Tonella added.
“There aren’t material damages for the bank and its clients from these attacks,” Tonella said.
“No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected.”