UniCredit said hackers accessed about 400,000 client bank accounts in Italy, taking biographical and loan data in one of the biggest breaches in Europe to date.
The incidents occurred in September and October of 2016 and June to July of this year, the bank said.
Unauthorised access was gained through an Italian third-party provider to some customer data related to personal loans, with the lender saying Iban numbers and other personal data may also have been reached. A spokesman declined to identify the third party involved.
Banks are boosting cyber-defence budgets and hiring former intelligence and law enforcement officials to build up defences against hackers as lenders open their networks to connect with new money-management apps and other fintech offerings.
In the UK, banks such as Barclays and Deutsche Bank have joined forces with law enforcement in a unit called the Cyber Defence Alliance.
The most recent attacks were detected between Monday and Tuesday and led to the discovery of the incidents that took place last year, sources said.
“I expect that this case will lead to all Italian banks reviewing their IT systems,” said Francesco Confuorti, chief executive of Advantage Financial, a Milan-based investment firm.
“This is the first attack targeting an Italian bank and confirms that IT systems, particularly in Italy, need massive investment to avoid a loss of confidence.”
Banking industry leaders are worried about more than the theft of customers’ data or money. Cyber criminals might also damage account databases and render them unusable, said Becky Pinkard, vice president of service delivery and intelligence at Digital Shadows, a London-based cyber defence firm.
“Banks are justified in their fear of corrupted data. Attackers could harm the bank by adding or subtracting a zero to every balance, or even deleting entire accounts.”
In May and June, two ransomware attacks, WannaCry and Petya, swept the globe and temporarily crippled operations in entities ranging from Britain’s NHS to oil companies and automakers.
© Irish Examiner Ltd. All rights reserved