UniCredit has revealed a data breach that leaked information belonging to three million customers from Italy, Reuters reported on Monday (Oct. 28).
The Italian bank indicated that a 2015 file containing customers’ names, addresses, emails and phone numbers was compromised.
The data leak did not include any financial information or the credentials required to access client accounts.
In the past three years, UniCredit has spent €2.4 billion ($2.7 billion) on cybersecurity enhancements.
When the breach was discovered last Thursday (Oct. 24), UniCredit reported it to authorities, a company spokesman told Reuters. The spokesman added that there is an ongoing internal investigation and that “no details could be disclosed on how the breach happened.”
The new data breach was reportedly not connected in any way to the cyberattacks in 2016 and 2017 that affected 400,000 Italian customers. Those attacks were caused by a third-party provider accessing Italian customer data without consent or authorization.
The Italian police are also investigating whether there were any crimes committed in connection with last week’s data breach.
Cyberthreats are increasingly playing out on a global stage. Director Samuel S. Visner of the National Cybersecurity Federally Funded Research and Development Center (FFRDC) said last month that cybersecurity threats to institutions and enterprises exist at several levels. As he noted, there is the possibility that an attack on a country’s financial system, especially in the U.S., would be a component of efforts to take down the power grid, the key infrastructure and the banking system. In the battle for cybersecurity, Visner said that adversaries are not “bulletproof super villains. They make mistakes. Their technology is not necessarily superior to the technology that anyone can get.”