FILE PHOTO: UniCredit bank logo in Milan, Italy, May 23, 2016. REUTERS/Stefano Rellandini
MILAN (Reuters) – UniCredit (CRDI.MI) said on Monday its cyber security team had identified a data breach involving a file created in 2015 and containing approximately three million records, all regarding Italian clients.
Italy’s biggest lender by assets said no bank details which would permit access to customer accounts or allow for unauthorized transactions had been compromised.
The bank added it had immediately launched an internal investigation and informed all the relevant authorities, including the police.
“Since 2016, UniCredit has invested an additional 2.4 billion euros in upgrading and strengthening its IT systems and cyber security,” the bank said.
The breach is the latest to affect UniCredit.
In July 2017, the lender said suspected hackers had accessed client data in two separate attacks, in September and October 2016, affecting 400,000 Italian customers.
The attacks were carried out via an external commercial partner which UniCredit did not identify, the bank said at that time.
Shares in UniCredit were down 0.3% in early trading on Monday, in line with Milan bluechip index .FTMIB.
Reporting by Francesca Landini; editing by Giulia Segreti and Mark Potter