UniCredit Discloses Data Breach Affecting 3 Million Customers

Italian banking and financial services institution UniCredit disclosed Monday, Oct 28, that it’s IT systems have suffered from a breach. Which has compromised the personal information of about 3 million customers.

In a statement posted on its site, the banking giant revealed its cybersecurity team has identified a data incident involving a compromised file generated in 2015. According to the company, the file contained personal information of roughly three million Italian clients. Among the personal details that were leaked included the customers’ names, cities, telephone numbers, and email addresses.

The bank, however, assured that the compromised records contained no personal or bank details that may allow access to customer accounts or permit unauthorized transactions. UniCredit also claimed it had immediately conducted an internal investigation and has reached out to relevant authorities, including law enforcement, after discovering the incident.

UniCredit Credit Breach



“Since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity,” the statement wrote. “Customer data safety and security is UniCredit’s top priority and in June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions,” it added.

The recent data incident is not the first to plague the Italian banking giant. In July 2017, UniCredit revealed it had been hit with two separate hacking incidents, which ran from September to October 2016 and June to July 2017. The data incidents were revealed to have affected 400,000 Italian customers.

“The incident at UniCredit shows that spending money alone isn’t enough to safeguard an organization from data breaches,” quoted Threat Post from Jelle Wieringa, a technical evangelist at KnowBe4. “After the breach in 2016, the bank invested an additional Euro 2.4 billion in its security. That is an awful lot of money to spend only to find out it wasn’t enough to stop the bad guys from getting in and stealing information,” he added.

To date, the company is currently reaching out to all potentially affected persons both by post and online banking notifications. The Italian lender also encouraged concerned customers to contact its customer services team at 800 323285 as soon as possible.


The recent announcement of UniCredit made it an addition to the list of other financial services companies that have been targeted by cyber-criminals. Among these include Capital One, First American Financial, and Ascension.