UniCredit, Italy’s second-largest bank, has been fined €2.8 million (£2.3 million) by the country’s data protection authority over 2018 data breach case.
The 2018 cyber attack on the bank’s mobile banking platform impacted the data over 750,000 customers. The sanction, announced on Thursday, is a reminder that “banks must take all necessary technical and organisational and security measures to prevent their customers' data from being unlawfully stolen," the authority commented.
The 2018 breach was no outlier for UniCredit. In 2017, the bank announced that personal financial data of some 400,000 customers, who have taken out loans through the bank, has been compromised by unauthorised third parties. In 2019, UniCredit uncovered another data breach that affected the personal records of more than three million customers.
Commenting on the issuing of the fine this week, UniCredit responded that it would appeal the data protection authority’s decision, stating that the incident had been immediately resolved and no bank data had been compromised in the breach.