Italy’s largest bank UniCredit has called in the police after it discovered a data breach involving up to three million customers.
The bank said its cyber security team had found an unauthorised file detailing “customer names, city, telephone number and email” it said in a short statement this morning.
It added the file, dating back to 2015, contained no other personal data or any bank details and said the breach had not led to unauthorised transactions. The data involved only affects Italian customers, the lender said.
However, it added it had “immediately launched an internal investigation and has informed all the relevant authorities, including the police”.
IT upgrade
The lender said since 2016 it has invested “an additional €2.4bn in upgrading and strengthening its IT systems and cyber security”.
The breach is the latest to affect UniCredit.
In July 2017, the bank said suspected hackers had accessed client data in two separate attacks, in September and October 2016, affecting 400,000 Italian customers.