UniCredit, an Italian global banking, and financial services company have announced that it has suffered a security breach in which data of 400,000 customers have been impacted. In a press release, the bank said hackers targeted its cyber infrastructure in Italy back in September and October 2016 and then again in June and July 2017 which led to investigations.
The investigation showed that the targeted department was related to personal loans whose computers were accessed by hackers due to a local third party provider working with the customer data. Therefore it is being assumed that the hackers were able to steal IBANs, names, cell phones, and addresses.
UniCredit is confident that passwords allowing customers to access their bank accounts or carry transactions were not obtained during the attack.
— UniCredit Group (@UniCredit_PR) July 26, 2017
“UniCredit has launched an audit and has informed all the relevant authorities. In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach,” said the press release.
The bank said the breach has been “closed” while it plans to contact the Milan Prosecutor’s office to file the claim. Those affected by the incident will also be contacted by the bank however those looking to talk to the bank directly can call on toll-free number 800 323285.
This is not the first time when an Italian institution has come under cyber attack. Previously, Anonymous claimed to steal and leak one terabyte of data from Expo 2015 tickets website to protest against the event.
Last year, Anonymous hackers claimed responsibility for hacking several Italian job portals and leaked a massive trove of their data to protect against new labor laws. While the biggest data breach from Italy came in 2015 when Milan based surveillance tool developers “Hacking Team” suffered a massive hack in which hackers leaked its source code online.
As for the UniCredit bank, none of the hacking groups have taken responsibility or claimed the hack anywhere including social media. Stay tuned for more information on the issue.