UniCredit has just announced in an official statement that its servers were breached by hackers, with details of approximately 400,000 clients said to be exposed.
The bank explained that hackers managed to get inside its systems in Italy twice in the last 12 months. The first hack took place in September and October 2016, while the second attack happened in June and July this year, with the latter discovered by the company’s security department, triggering an in-depth investigation.
UniCredit says the breach was possible through a third-party working with customer data related to personal loans, so hackers were likely capable of accessing information like name, addresses, and IBAN numbers. Passwords were not compromised, and no unauthorized transactions were detected.
“UniCredit has launched an audit and has informed all the relevant authorities. In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach,” the company says in a statement today.
Police investigation already under way
No hacking group claimed the breach, and there’s a good chance that the identity of the attackers will never be determined, though the bank says that it has already started an internal investigation and will contact the Milan Prosecutor’s office in this regard.