Italy’s Biggest Bank Suffers Data Breach Affecting Hundreds of Thousands of Customers

Media Division | July 26, 2017

There are a few different types of organizations that tend to be much larger targets for cyber criminals. One of these more frequent targets is, of course, financial organizations for the obvious reason of the large amounts of money and financial data that they can hold. These institutions are a treasure trove for cyber attackers, as monetary gain is often one of their largest goals. Even data not related to direct account access can generally be sold on the black market for a pretty penny. And unfortunately, various financial organizations all around the globe continue to be hit by vicious attacks. In a recently disclosed incident, UniCredit, the largest bank in Italy has been compromised by hackers.

The hack is said to be one of the biggest breaches of European banking this year. It was discovered that the perpetrators had purloined loan data and biological information from around 400,000 client accounts. The initial attack on the bank occurred in September and October of 2016, and June and July of the present year, but UniCredit had said that they only discovered the breach this week. The breach seems to have stemmed from hackers gaining access through a third party connected with the bank. In the midst of doing checks, the IT department had found anomalies where external users from the third party had been accessing client data, according to the CEO of the bank’s IT unit. Upon discovering this, the bank then immediately blocked the unauthorized user access and upgraded their systems. UniCredit has said that International Bank Account Numbers (IBANs) and some other personal data may have been compromised. Fortunately, no passwords or other types of data that would allow access to accounts or unauthorized transactions was stolen.

How UniCredit is Handling the Breach

The bank is now working to strengthen its systems and infrastructure, even to the point of investing 2.3 billion euro in upgrading these IT systems, while ensuring that they remain in compliance with regulations. They also said that they have begun an audit, and will be filing a report with the Milan prosecutor. A computer emergency response team was created last year by the Association of Italian Banks and Italy’s central bank for the purpose of bolstering financial cyber security, and this team is currently monitoring the ongoing situation with UniCredit. There do not appear to be any reports as to how the bank is handling the breach with their customers and ensuring their further protection. Though the bank has set up a phone line for customers to call for any questions about the breach, and for international customers to find out if they were affected by the incident.

The Modern Security Required to Prevent Cyber Attacks

There are many different actions and implements that are quite necessary for an organization to be able to thoroughly prevent cyber attacks. Modern threats and attackers are more adept than ever at circumventing basic security measures like anti-virus and firewalls, though these are still necessary as part of the whole scene. Nowadays, it also requires tools and services like monitoring and intelligence, as proper security in the modern age means prediction, prevention, and proactive defense. With how threats can lurk insidiously in the dark web and within systems, an organization must be able to have foresight in protecting themselves from these threats. Otherwise, an organization may find themselves the victim of an attack, and some may not even discover the threat within their systems for months. Massive Alliance offers a wide array of tools and services that can help organizations to prevent cyber attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.