The Italian Data Protection Authority has imposed a $3.1 million (2.8 million euros) fine on UniCredit, Italy’s second-largest bank, for a data breach in 2018 that impacted thousands of its customers and former customers.
Despite the bank’s insistence that no bank data was compromised and that the issue was swiftly addressed, the authority highlighted the necessity for banks to adopt comprehensive technical, organizational, and security measures to protect customer data from unauthorized access.
The breach involved a cyberattack on the mobile banking platform, leading to the illegal acquisition of personal information such as names, tax codes, and identification numbers of approximately 778,000 individuals. The size of the fine reflects the significant number of affected individuals, the severity of the breach, and the bank’s prompt implementation of corrective actions.
UniCredit has announced its intention to challenge the fine in court and emphasized its commitment to customer data security, stating it is investing 2.8 billion euros in enhancing data protection measures.