Italy’s top bank suffered a huge hacking attack in what is turning out to be Europe’s largest security breach this year, affecting biographical and loan data from 400,000 client accounts which were stolen.
UniCredit is insisting, however, that it “immediately took all necessary actions to manage the breach. UniCredit already suffered an attack in September and October last year. The latest hack happened in June and July but were only discovered this week.
The bank has already reported the breaches to Milan’s public prosecutor. The bank said that an “Italian external trade partner” is the culprit behind the breaches, and were not due to bank’s “internal lapses.”
The anomalies were discovered while the bank’s IT team was conducting routine checks. Daniele Tonella, CEO of Unli Business Integrated Solutions, the IT unit of the bank, confirmed that the bank took measures to immediately block the hackers, close all breaches and upgrade the system.
The bank said that international bank account numbers or IBANS, and other personal information may have been taken during the period of undetected multiple breaches.
The bank will contact affected customers and vowed to upgrade its IT systems in a huge more than 2 billion euros project to better “protect and secure” its customers.
It remains unclear, though, what type of hack the attack was. Francesco Confuorti, CEO of Advantage Financial SA, a Milan-based investment firm said: “This is the first attack targeting an Italian bank and confirms that IT systems, particularly in Italy, need massive investment to avoid a loss of confidence. I expect that this case will lead to Italian banks reviewing their IT systems.”
Big lenders in the rest of Europe are collaborating with law enforcement officials to mount a united defense against cyber criminality. Financial industry heads have also started hiring intelligence personnel.
Cyberattacks on major corporations and banks in the world have seen an alarming increase in the past months. May and June saw ransomware attacks sweep across the globe, freezing databases and shutting down entire operations with the NHS in the UK and Russian oil giant Rosneft as among those targeted.