[BreachExchange] UniCredit Hacked: 400, 000 Accounts Compromised, Data Exposed
Destry Winant
destry at riskbasedsecurity.com
Thu Jul 27 04:21:00 EDT 2017
http://www.ibtimes.com/unicredit-hacked-400000-accounts-compromised-data-exposed-2570903
UniCredit, a global bank and financial services firm based in Italy,
reported a series of data breaches carried out by hackers that may
affect nearly a half-million of the company’s customers, Bloomberg
reported.
The hacks reportedly took place earlier this year and late last year.
The hackers are believed to have gained access to customer data
related to personal loans, along with other identifying information.
Hackers gained unauthorized access to UniCredit’s systems on several
occasions, including incidents in September and October 2016 and June
and July of this year. The most recent attacks were detected earlier
this week, which led to previous breaches being discovered.
More than 400,000 UniCredit customers have been affected by the
breach. Customer data including biographical information, loan details
and International Bank Account (IBAN) numbers have been exposed and
stolen by the hackers.
Daniele Tonella, CEO of UniCredit Business Integrated Solutions, told
Bloomberg the breach involved customers with financing and
consumer-credit loans. Tonella held that no “material damages”
happened as a result of the breach, as no passwords were stolen and no
unauthorized transactions were completed.
It is believed that access to the accounts was gained through a
third-party provider that had access to the banking data. The third
party is based in Italy, though UniCredit has chosen not to identify
the partner company for the time being, but did note that access has
been cut off and the company’s systems have been updated to improve
its defenses.
Milan prosecutors have already launched an investigation into the
UniCredit hack, according to Reuters. The bank has already begun an
internal audit in response to the situation and will report its
findings to the prosecutor.
UniCredit, which operates more than 8,500 branches in 50 markets in 17
countries and employs over 147,000 people, was already investing in
upgrading its computer systems and defenses prior to the breaches. The
company will reportedly spend $2.7 billion on IT infrastructure as it
works to improve and reinforce its systems.
While the breach of UniCredit is one of the worst yet for financial
institutions in Europe, it’s not the first time the bank—which is the
largest in Italy by market capitalization—has come under fire for
putting its customers at risk.
In 2015, security researchers at cyber threat detection firm Cyphort
discovered the Ukrainian website for UniCredit was infected with
malware. The malicious software installed on the site was used to
collect user information and send that data back to the attackers.
Financial institutions have been major targets of cyber attacks in
recent years. Breaches run the risk of having devastating effects, not
only on victims who have their data stolen but potentially on the very
stability of the institutions. Were hackers ever to gain the ability
to modify balances or other information, there could be wide-ranging
fallout from the attack.
More information about the BreachExchange
mailing list