UniCredit: 400,000 accounts hacked, exposing data

Data cables connect to a computer server unit inside a communications room at an office in London, U.K., on Monday, May 15, 2017. Governments and companies around the world began to gain the upper hand against the first wave of an unrivaled global cyberattack, even as the assault was poised to continue claiming victims this week. Photographer: Chris Ratcliffe/Bloomberg

Bloomberg

UniCredit SpA, Italy’s No. 1 bank, said hackers accessed about 400,000 client bank accounts in Italy, taking biographical and loan data in one of the biggest breaches in Europe to date.
The breaches occurred in September and October of 2016 and June to July of this year, the bank said on Wednesday in an emailed statement. Unauthorised access through an Italian third party provider gave access to some customer data related to personal loans, with the lender saying IBAN numbers and other personal data may also have been accessed.
Banks are boosting cyber-defense budgets and hiring former intelligence and law enforcement officials to build up defenses against hackers as lenders open their networks to connect with new money-management apps and other fintech offerings. Barclays Plc and HSBC Holdings Plc, in the UK, have joined forces with law enforcement in a unit called the Cyber Defence Alliance.
Prominent hacker attacks such as WannaCry in May and Petya in June that penetrated 80 Ukrainian banks, government agencies and multinational firms such as shipping giant A.P. Moller-Maersk AS have raised awareness of the vulnerability of some companies.
“There aren’t material damages for the bank and its clients from these attacks,” Daniele Tonella, CEO of UniCredit Business Integrated Solutions, the IT unit of the bank, said in a phone interview. “No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected,” he said.
The breach involved customers with financing and consumer-credit loans with UniCredit, said Tonella. The bank’s IT department discovered anomalies while conducting checks, finding that some users from an external commercial partner were accessing client data. UniCredit, immediately blocked the intruders, closed the breaches and upgraded the system, he said.
UniCredit, which is investing
2.3 billion euros ($2.7 billion) in upgrading and strengthening its IT systems, has started an audit and will file a report with the Milan prosecutor, it said. The bank’s IT investments include the strengthening of infrastructure through digitalisation activities, technological development of core systems and the continuous updating of the infrastructure, while ensuring compliance with regulatory requirements.

Leave a Reply

Send this to a friend