UniCredit Bank reports data leak of 3 million customers

UniCredit Bank reports a data leak that affected 3,000,000 users.

So far, the bank has not revealed many details of the incident. It is unclear, how exactly the leak occurred, it is only known that the root of the problem lies in the compromise of only one file, dated as far as 2015. This file contained information only about UniCredit’s Italian customers, including their names, information about cities of residence, phone numbers and email addresses.

“In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered”, — report in the bank.

It is emphasized that the records did not contain any other personal data or bank details that could allow attackers to gain access to customer accounts.

“The records consist of names, city, telephone number and email only. Consequently no other personal data or any bank details permitting access to customer accounts or allowing for unauthorized transactions have been compromised”, — report in UniCredit.

Therefore, those involved in the breach have lost Personally Identifiable Information (PII) which can be used in social engineering campaigns and potentially contribute to identity theft, but the chance of unauthorized transactions caused by the data leak is slim.

Read also: Leading IT companies teamed up to form an alliance to protect industry

Currently the company is conducting an internal investigation of the incident and has already notified the relevant authorities, including law enforcement, about the incident. Affected users will be informed of the compromise by email or through online banking.

“Customer data safety and security is UniCredit’s top priority and since the 2016 launch of Transform 2019, the Group has invested an additional 2.4 billion euro in upgrading and strengthening its IT systems and cyber security”, — report in UniCredit bank.

However, this is not the first case that UniCredit faced data compromise incident. In July 2017, the bank said it was the victim of data theft because a third-party provider gained access to the data of an Italian clients without consent or permission.