Based in Milan, UniCredit Banca is the largest bank in Italy whilst maintaining a global reach with its banking and financial services. Unfortunately, the bank was subject to two security breaches that may have compromised hundreds of thousands of customers’ information.
It’s believed that hackers may have stolen personal data and certain financial information. Customer account numbers may be compromised but UniCredit has assured the public that account passwords were not accessed and therefore unauthorised transactions cannot be made.
Or so we hope…
Whilst data breaches are reported regularly, it’s unusual for a bank to be breached. Given the obviously valuable nature of a banking institution’s data, security is often a top priority. Many banks adopt the highest security measures to protect their own and their clients’ assets.
This security breach is reportedly the biggest successful cyberattack on an Italian bank.
Statements and investigations
UniCredit Banca spoke out about the incident through a statement:
“UniCredit has launched an audit and has informed all the relevant authorities.”
The bank is blaming a third-party provider for the breach.
Although it’s extremely common for data breaches to occur through a third party who may have less stringent security measures, UniCredit cannot shift all the blame, as it has a responsibility to vet the companies it works with.
In the Debenhams Flowers data breach, for example, Debenhams used a less-than-secure third party to take its customers’ orders and deliver their flowers.
The third party required access to the Debenhams customer database to allow customers to log in and process payments. When the data breach occurred via a vulnerability in the third-party vendor’s security wall, the responsibility lay with both companies.
Companies like Debenhams must vet third-party vendors to ensure they adopt equal or higher security measures.
Fall in UniCredit’s share value
Unsurprisingly, investor confidence took a small hit when the data breach was disclosed, as the bank’s shares went down by 1%. Data breaches often have a greater impact than first thought as the data controller may suffer a reputational hit as well as associated financial losses. The data owners lose control of their personal and private information, and the extent of harm may never be truly quantified as an intangible loss.
Investors can sometimes be overlooked when it comes to data breaches. When a company suffers a data breach, it may put the investors’ investments at risk. When a company loses money, so, usually, do its shareholders.
Security checks triggered
After the incident was revealed, other Italian banks reportedly conducted security checks to see if they were also affected. So far, none have been reported. However, Sanpaolo, Banco BPM and UBI should not breathe a sigh of relief and put the incident out of their minds. Constant vigilance is required for companies to take their data protection obligations seriously.
The EU data privacy shakeup
The EU is set to change the rules around reporting and paying for data breaches. As soon as May 2018, we may see banks getting fined up to 4% of their annual turnover if they don’t report a breach quickly enough. The General Data Protection Regulation was created with the aim to “strengthen and unify data protection for individuals”.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.