UniCredit, between June and July, suffered a large-scale hacking attack. The second since 2016, when the intrusion was perpetrated in September and October. Internal sources report that the breach occurred through an external Italian partner. The data of 400,000 customers has been stolen, but it seems to be a theft “only” aimed at obtaining information on personal loans and some personal data and Iban codes. So, UniCredit assures, no customer should fear for their passwords or any other data that may allow access to their bank account.
The bank immediately reported the fact (GDPR docet?) by preparing a complaint to the Prosecutor’s Office of Milan, and an investigation was opened against unknown persons for abusive access to the computer system and violation of privacy. The investigation is led by the Public Prosecutor’s Office Alberto Nobili and Enrico Pavone, who have delegated the Postal Police to carry out in-depth investigations into the incident. The Bank has promptly communicated that it has “immediately taken all necessary actions to prevent the recurrence of this computer intrusion”; recalling also the exorbitant amount of investment planned for the security of computer systems in its development plan, Transform 2019: 2.3 billion dollars.
UniCredit, as well as making available the toll-free number 800.323.285 to obtain information on the case, has assured that each victim of the “data theft” will be contacted through “specific channels” avoiding, for privacy reasons, common means such as e-mail or direct telephone calls.
Predicting and blocking a Hacker attack, industry experts say, is very difficult nowadays, almost impossible. Predicting and blocking a Hacker attack, industry experts say, is very difficult nowadays, almost impossible. Thus, immediately after making the attack known, Unicredit opens in Piazza Affari with -0.71%.
Of course, no passwords have been stolen or bank accounts drained, and that brings a sigh of relief. But one still wonders to what end the hackers will use the huge amount of sensitive data looted (400,000 users!). Phishing campaigns? Spam? Who knows…