On Monday, UniCredit revealed to the public that a 2015 file comprised of names, addresses, phone numbers, and email addresses pertaining to more than 3 million of their customer base was compromised and leaked.
This occurred in spite of spending an additional €2.4 billion over the past 3 years on cyber security enhancements to their IT systems. Despite UniCredit catering to a wide range of customers worldwide, the records leaked in Monday’s attack were related to only their Italian client base.
The data breach was reported to authorities last Thursday, October 24th, while a company representative relayed the information to Reuters. While there were no details with regards to how the breach was able to happen, the spokesman did confirm that there is an internal investigation ongoing. Italian police are also examining the possibility that other crimes may have been committed in conjunction with the security breach.
This is the third such incident of its kind to affect UniCredit after two previous data breaches in September to October of 2016 and June to July of 2017 in which the private information of over 400,000 Italian customers was compromised. It is not thought that this latest attack is linked to those two in any way, however, as they were the result of a third party accessing customer data without any form of authorization or consent.
The Italian bank was quick to assure customers in their statement issued on Monday, however, that there was no serious financial information leaked in the data breach, nor were there any compromising information leaked that could lead to unauthorized access of customer accounts. The data lost by those affected is Personally Identifiable Information (PII) which won’t be able to lead to any unauthorized transactions. It is, however, usually used for social engineering campaigns, and it can potentially aid those who wish to commit identity theft.
UniCredit customers who may have been affected by the breach will have been contacted by them either by online banking notifications or via the post. A new business plan is expected to be presented by the bank in early December.
And one last thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.