UniCredit, Italy’s second-largest bank, has been fined €2.8 million (£2.3 million) by the country’s data protection authority due to a 2018 data breach incident.
The cyber attack on the bank’s mobile banking platform in 2018 affected the data of over 750,000 customers. The authority’s announcement serves as a reminder that “banks must take all necessary technical and organisational and security measures to prevent their customers’ data from being unlawfully stolen.”
This breach is not an isolated incident for UniCredit. In 2017, the bank revealed that personal financial data of approximately 400,000 customers who had taken out loans was compromised by unauthorized third parties. Additionally, in 2019, UniCredit identified another breach that affected the personal records of more than three million customers.
In response to the fine issued this week, UniCredit announced that it plans to appeal the decision, asserting that the issue was resolved promptly and that no bank data was compromised during the breach.