UniCredit reports data breach affecting three million accounts
UniCredit has identified a data breach which may have exposed the records of three million of its Italian account holders.
The bank’s cybersecurity team identified a data incident involving a file created in 2015 and containing a defined set of three million records relating to its Italian customers.
The records consist of names, cities, telephone numbers and email addresses. The bank stresses that no other personal data or any bank details permitting access to customer accounts has been leaked.
UniCredit says in a statement that it immediately launched an internal investigation, has informed “all relevant authorities”, and is informing all affected customers exclusively by post or online banking notifications.
The bank adds that since 2016 it has invested €2.4 billion in upgrading its IT systems and cyber security.
UniCredit suffered a pair of data breaches affecting 400,000 customers in July 2017, which it blamed on a third-party provider.