Italy’s UniCredit has confirmed that the personal financial data of about 400,000 customers has been compromised.
According to Finextra, the affected customers took out loans through the bank, and their personal data has been hijacked by unauthorized third parties.
The bank blames the breach on an Italian third-party provider of customer reference data. A first break-in appears to have occurred in September and October 2016, with a second breach recently identified in June and July 2017.
“Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods,” the bank states. “No data, such as passwords allowing access to customer accounts or allowing for unauthorized transactions, has been affected, whilst some other personal data and Iban numbers might have been accessed.”
UniCredit has launched an audit and intends to file a claim with the Milan Prosecutor’s office.
“Customer data safety and security is UniCredit’s top priority, and as part of Transform 2019, UniCredit is investing 2.3 billion euro in upgrading and strengthening its IT systems,” the bank said.
UniCredit had some good news to report earlier this year, announcing it had partnered with Alipay, the payment service of Alibaba, to enable Chinese tourists in Italy to pay for goods and services via the Alipay app. In 2015, Chinese tourists spent an average of $215 billion around the globe, with Italy being the second preferred destination for Chinese tourists in Europe and among the top 10 around the globe.