Incident Of The Week: UniCredit Breach Impacts 3 Million Clients

Recently Discovered Data Incident Relates To 2015 Customer File


A shared characteristic of many recent data breaches is that they concern incidents that happened years ago and only recently came to light. UniCredit is one such case. The company is an Italian banking and financial services firm that operates in 14 core markets throughout Central, Western and Eastern Europe.

UniCredit opened most of its offices in Europe. However, it maintains a global presence, with activity in places such as North and South America, Libya and Japan.

What is Known About This Breach?

The official details about the breach from UniCredit are still limited to what the company published in a short news release on its website. On the morning of October 28, 2019, the company confirmed that its cyber security team discovered a "data incident."

It related to a single file created in 2015 that contained details associated with approximately 3 million customers in UniCredit's Italian market. According to a Reuters article, the company cannot disclose how the breach happened.


What Kind of Information Got Compromised?

UniCredit confirmed that the breached document included customer names, telephone numbers, email addresses and cities. It also said that the problem did not extend to any other personal or banking details, nor would the compromised content allow hackers to carry out unauthorized transactions.

How Did UniCredit Respond?

UniCredit representatives promptly launched an internal investigation to get to the bottom of the breach. They also contacted relevant authorities, including law enforcement personnel. The company is notifying all potentially affected customers by postal mail and online banking messages. It also encouraged anyone with concerns to contact the customer service team at a provided toll-free number.

What Will UniCredit Do to Prevent Similar Incidents?

Immediately after news breaks about a data breach, members of the public understandably want to know how the affected companies will stop another one from occurring. In this case, UniCredit focused on what it has already done and stayed silent regarding changes it would make after the breach happened.

The release from the company focused on the company's current business plan, known as Transform 2019. It's an initiative launched in 2016 with targets that the company wants to meet by the end of 2019.

While publishing information about its data breach, UniCredit specifically mentioned Transform 2019's efforts to improve cyber security. For starters, the company invested an extra €2.4 bn into upgrades for its IT infrastructure and cyber security measures.

In June 2019, UniCredit took another positive cyber security step by strengthening the authentication process for customers using its web, mobile banking and payment services. More specifically, people must use a one-time password or biometric identification to proceed in the system while using those platforms or services.

Those are smart steps to take. It is arguably worrisome, though, that the firm gave no information about how it would stop further breaches after it learned of this one.


Has UniCredit Had Previous Data Breaches?

The incident in late October 2019 is not the first time the company has dealt with cyber security issues. News sources detailed how 2017 was a particularly rough year for UniCredit on the cyber security front. The company became aware of two data breaches, the first occurring between September and October 2016 and another during June and July of 2017.

It took the company nearly nine months to realize the first data breach had occurred. In the statement about those two incidents, UniCredit said those also affected the Italian market. They collectively included data from approximately 400,000 customers.

The organization mentioned then that it had "taken remedial action to close this breach." It did not specify the actions performed as part of that goal, however.

Uncertainty Reigns

UniCredit has not provided further updates beyond its initial, brief statement about this latest cyber security problem. The lack of concrete information concerning preventative measures suggests that current or prospective clients of UniCredit can do nothing more than trust that the company will do what is necessary to fix its data security shortcomings.

That could be difficult for some people to do, especially considering that UniCredit is a repeat victim of successful cyber security attacks. No company should view itself as wholly protected from data breaches.

The public may find it easier to trust breached companies if those organizations specifically mention their mitigation strategies. UniCredit has yet to take that step, but it is too soon to say if that decision will prove detrimental.


