#Privacy: UniCredit confirms data breach

The Italian bank giant, UniCredit has announced that three million of its clients were affected by a data breach.

On Monday, the UniCredit cyber security team identified a data breach involving a file created in 2015, containing approximately 3 million records relating to Italian clients.

The lender stated that no details which could be used to access customers’ bank accounts or payment information, had been accessed.  However, the data breach exposed the names, telephone numbers, email addresses and the cities of where the clients were registered.

An internal investigation has been launched and all relevant authorities, including law enforcement have been informed. Impacted clients will be informed via online banking or by post. 

“Since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity,” UniCredit says. “Customer data safety and security is UniCredit’s top priority and in June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions.”

This isn’t the first time UniCredit have been faced with a data breach. In 2016, the company disclosed a data breach which resulted in 400,000 Italian clients being impacted. Additionally, in 2017, UniCredit announced that it was a victim of data theft due to a third-party provider gaining unauthorised access to the data of the clients.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.