Italy privacy watchdog fines Unicredit $3.1 million for data breach

Milan: Italy’s data protection authority has fined UniCredit (CRDI.MI), opens new tab, the country’s second-largest bank, 2.8 million euros ($3.1 million) for a data breach case in 2018 affecting thousands of customers and former customers, it said.

The bank responded that it would appeal the decision to court, adding that no bank data had been compromised and the incident had been immediately resolved.

“Banks must take all necessary technical and organisational and security measures to prevent their customers’ data from being unlawfully stolen,” the authority said.

The massive cyber attack on the mobile banking platform resulted in the illicit acquisition of names, tax codes, and other identification codes for approximately 778,000 customers and former customers.

The sanction takes into account the large number of people involved in the data breach and its seriousness as well as the timely adoption of corrective measures, the authority said.

“The security of customer data is a top priority for UniCredit,” the bank said, adding it was investing 2.8 billion euros as part of a programme to reinforce protection.