Unicredit has reported a breach of its IT systems resulting in the leak of information belonging to over 3 million customers.
The bank confirmed on Monday that a file created in 2015 containing three million records involving Italian clients is the source of the security incident.
The victims' names, telephone numbers, email addresses, and cities where clients were registered are among the information compromised.
UniCredit is adamant that no details allowing hackers access to customers' bank accounts or payment information has been accessed. This means that the Personally Identifiable Information (PII) compromised in this attack will be used by attackers in social engineering campaigns and could potentially result in identity theft.
This is not the first time UniCredit has experienced a security breach. In July 2017, the company had become a victim of a breach by a third-party provider that accessed Italian customer data without consent.
Since then, the bank claims that it has "invested an additional €2.4bn in upgrading and strengthening its IT systems and cybersecurity.
An investigation into the matter is ongoing and time will tell the significance of the data compromised in this breach and whether or not GDPR regulators will choose to punish the firm for this incident.
Securing sensitive financial environments can seem like a daunting task, but NNT has solutions to help you get secure, compliant, and audit-ready. Learn about our solutions for the financial services industry