Italy’s Data Protection Authority Criticizes Intesa’s Handling of Customer Data
Italy’s data protection authority has taken a firm stance against Intesa Sanpaolo, the country’s largest bank, accusing it of downplaying the severity of a recent data breach that potentially exposed sensitive information belonging to thousands of customers, including Italy’s Prime Minister Giorgia Meloni. According to Reuters, the authority voiced concerns on Tuesday that Intesa Sanpaolo’s initial response underestimated the risk and scale of the breach, which reportedly involved unauthorized access by a bank employee to around 3,500 client records.
The breach first came to light last month when the authority demanded clarification from Intesa regarding the incident. The bank had confirmed that an employee, who allegedly accessed clients’ personal data without authorization, was suspended pending a criminal investigation. According to the bank, it promptly notified authorities and initiated an internal probe. However, the data protection authority indicated that information about the scope of the breach only emerged through press reports, with full confirmation from Intesa coming much later, according to Reuters.
“Contrary to the bank’s assessment… the breach of the personal data represents a high risk for the rights and freedoms of the individuals concerned,” the authority stated, per Reuters. The watchdog warned that the breach could have significant repercussions for affected customers, potentially impacting their financial status and damaging their reputations.
In its directive, the authority instructed Intesa Sanpaolo to notify all affected customers within 20 days, ensuring transparency regarding any data that might have been exposed. Furthermore, the bank has been ordered to submit a detailed report on its security measures within 30 days, allowing the authority to assess whether its protections for sensitive customer data meet regulatory standards.
In response, Intesa Sanpaolo asserted its commitment to safeguarding customer data. The bank released a statement saying it is actively cooperating with the regulator’s requests and is already enhancing its data protection protocols. “Ensuring the highest level of security for our customers’ data remains a top priority,” the statement read, according to Reuters.
The breach, one of the most prominent in Italy involving sensitive personal and financial data, has intensified calls for improved cybersecurity practices within financial institutions.
Source: Reuters
Featured News
Cautious Optimism From AI Execs Over Planned Lifting of Export Controls, But Concerns Remain
May 8, 2025 by
CPI
UK Holds Firm on Digital Tax for US Tech Giants Despite New Trade Deal
May 8, 2025 by
CPI
Pro Tennis Governing Body Barred from Influencing Players in Antitrust Lawsuit
May 8, 2025 by
CPI
Mastercard Wins Dismissal of Antitrust Suit Over Digital Wallet Access
May 8, 2025 by
CPI
J&J Antitrust Trial Heats Up as Innovative Health CEO Testifies on Market Suppression
May 8, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Mergers in Digital Markets
Apr 21, 2025 by
CPI
Catching a Killer? Six “Genetic Markers” to Assess Nascent Competitor Acquisitions
Apr 21, 2025 by
John Taladay & Christine Ryu-Naya
Digital Decoded: Is There More Scope for Digital Mergers In 2025?
Apr 21, 2025 by
Colin Raftery, Michele Davis, Sarah Jensen & Martin Dickson
AI In the Mix – An Ever-Evolving Approach to Jurisdiction Over Digital Mergers in Europe
Apr 21, 2025 by
Ingrid Vandenborre & Ketevan Zukakishvili
Antitrust Enforcement Errors Due to a Failure to Understand Organizational Capabilities and Dynamic Competition
Apr 21, 2025 by
Magdalena Kuyterink & David J. Teece