BreachExchange mailing list archives
UniCredit reveals data breach exposing 3 million customer records
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 28 Oct 2019 09:11:16 -0500
https://www.zdnet.com/article/unicredit-reveals-data-breach-exposing-3-million-customer-records/ UniCredit has revealed a data breach resulting in the leak of information belonging to three million customers. On Monday, the Italian bank and financial services organization said that a compromised file, generated in 2015, is the source of the security incident. In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered. While UniCredit caters to an international client base, each record related to an Italian customer. UniCredit is keen to emphasize, however, that the data leak did not include any financial information or the credentials required to access client accounts. Therefore, those involved in the breach have lost Personally Identifiable Information (PII) which can be used in social engineering campaigns and potentially contribute to identity theft, but the chance of unauthorized transactions caused by the data leak is slim. The company has launched an internal investigation into how the breach took place and has informed relevant authorities, including law enforcement. Impacted customers will be informed by post or via online banking. CNET: Senators want to know if TikTok poses a national security risk "Since 2016, the Group has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cybersecurity," UniCredit says. "Customer data safety and security is UniCredit's top priority and in June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions." This is not the first time UniCredit has faced a data breach incident. In July 2017, the bank said it had become a victim of data theft due to a third-party provider accessing Italian customer data without consent or authorization. Two separate breaches occurred; one between September and October 2016, and another between June and July 2017. Information belonging to approximately 400,000 Italian customers was impacted, including PII and IBAN numbers. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- UniCredit reveals data breach exposing 3 million customer records Destry Winant (Oct 31)