[BreachExchange] UniCredit Workers' Data Found for Sale Online

Destry Winant destry at riskbasedsecurity.com
Tue Apr 28 10:18:01 EDT 2020


A database containing what appears to be the data of thousands of
UniCredit S.p.A employees is being advertised for sale on cybercrime

The Italian global banking and financial services company has more
than 8,500 branches in 17 countries and employs over 97,775 people.
Data allegedly belonging to around 3,000 of those employees went on
sale on the dark web on April 19.

Advertising the data for sale is a hacker located in Romania who
claims to have compromised UniCredit's systems and exfiltrated the
data. Information allegedly stolen by the hacker includes names, email
addresses, phone numbers, and encrypted passwords.

Buyers can purchase the data for sale in units of rows. The cost of
150,000 rows of data is $10,000.

Telsey, a unit of Telecom Italia S.p.A, believes the hacker's claims
of stealing data from UniCredit are genuine. The company said that the
database was found available on at least two cybercrime- and
hacking-related forums.

In a statement published on its website on April 20, Telsey wrote: “By
the first technical details retrieved, the database appears to be
genuine and the potential result of a SQL Injection attack.
Alternatively, it could be the result of extensive compromise of the
victim network with the dump of the database directly from one of the
internal servers."

If Telsey's SQL attack theory is correct, then the hacker used a
malicious code-insertion technique to access UniCredit's data.
According to Telsey, the information being offered for sale appears to
be UniCredit data dating from 2018–2019.

UniCredit said that it was investigating the matter, hinting that any
possible data breach may have occurred via a third party.

“UniCredit became aware that its name has been mentioned in relation
to an alleged case of data breach in Romania related to an HR
recruiting platform provided and managed by a third party,” UniCredit
told Bloomberg News.

“There is no evidence of any UniCredit systems' having been accessed.”

The alleged hack comes just six months after the Italian financial
giant confirmed that the records of three million of its customers had
been exposed in a catastrophic data breach. Information exposed in the
breach included names, phone numbers, and email addresses of UniCredit

More information about the BreachExchange mailing list