UniCredit has revealed a data breach resulting in the leak of information belonging to three million customers.
On Monday, the Italian bank and financial services organization said that a compromised file, generated in 2015, is the source of the security incident.
In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered.
While UniCredit caters to an international client base, each record related to an Italian customer.
UniCredit is keen to emphasize, however, that the data leak did not include any financial information or the credentials required to access client accounts.
Therefore, those involved in the breach have lost Personally Identifiable Information (PII) which can be used in social engineering campaigns and potentially contribute to identity theft, but the chance of unauthorized transactions caused by the data leak is slim.
The company has launched an internal investigation into how the breach took place and has informed relevant authorities, including law enforcement. Impacted customers will be informed by post or via online banking.
"Since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity," UniCredit says. "Customer data safety and security is UniCredit's top priority and in June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions."
This is not the first time UniCredit has faced a data breach incident. In July 2017, the bank said it had become a victim of data theft due to a third-party provider accessing Italian customer data without consent or authorization.
Two separate breaches occurred; one between September and October 2016, and another between June and July 2017. Information belonging to approximately 400,000 Italian customers was impacted, including PII and IBAN numbers.
Previous and related coverage
- 700,000 Choice Hotels records leaked in data breach, ransom demanded
- Your business hit by a data breach? Expect a bill of $3.92 million
- DK-Lok data breach exposes global enterprise client data, internal emails
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0