UniCredit says it happened in 2015
The UniCredit cybersecurity team has recently found out that in 2015 a data incident occurred. It is about a file containing about 3 million records limited to the Italian region. Those records contained personal data like names, cities, telephone numbers, and emails. UniCredit says no other information or bank details got leaked.
The bank says it started an investigation and informed authorities, as well as the police. Moreover, the bank contacted clients whose personal data was supposedly leaked by email and in-app banking notifications. A UniCredit spokesperson said no further details about the causes of the incident could be revealed. The Italian police reported that they were checking all the processes of unauthorized access to the UniCredit files to find out whether any frauds have been suspected.
In June 2019, the Group has invested approximately €2.4 billion in renewing and strengthening the identification process to get access to the app, as well as payment transactions. It requires a biometric identification or a one time password.