The bank said in a statement Wednesday that the hackers accessed only data related to personal loans, and that it was breached through an unidentified external third-party commercial partner.
Initial breaches occurred September and October of 2016 and had not previously been disclosed. They were followed by a more recent one in June and July. The bank said no passwords appear to have been jeopardised, but that personal data, including names and birthdates, along with IBAN numbers "might have been accessed."
According to Bloomberg, the UniCredit hack is one of the biggest breaches in Europe to-date, however it spoke to Daniele Tonella, the CEO of UniCredit Business Integrated Solutions, which handles the IT department of the bank who said:
"There aren't material damages for the bank and its clients from these attacks. No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected," Tonella said.
Tonella told Reuters: "We don't know why this data was acquired," adding that it also did not know who was behind the attacks.
The bank said it was filing a criminal complaint with prosecutors and is taking action to close the breach. At the same time UniCredit is reportedly investing €2.3 billion ($2.7 billion) in upgrading and bolstering its IT systems through technological advancements and digitalisation activities.
Banks have become prime targets for hackers as cyber criminals try to find new ways to exploit vulnerable systems to pull off cyber heists. In November 2016 Tesco Bank was subject to a hack that resulted in the loss of £2.5 million, while Bangladesh Bank was hit by cyber criminals stealing a staggering $81 million (£62 million).
Unicredit has blamed an unnamed "third-party provider" for the incidents.
It said the first was thought to have occurred between September and October 2016, and the second happened some time over this month and June.
"UniCredit has launched an audit and has informed all the relevant authorities," it said in a statement.
It has also tweeted a telephone number for international customers to find out whether they might have been affected.
UniCredit shares fell about 1% following its disclosure of the hack.
Other Italian banks, including Intesa Sanpaolo, Banco BPM and UBI, have said they have seen no evidence of coming under attack themselves.
Next year, the EU plans to introduce rules that will mean banks could be fined up to 4% of their annual turnover if they suffer a data breach and do not report it within hours of the discovery.
The General Data Protection Regulation comes into force in May.
0 comments:
Drop your comments here!