400,000 client accounts’ information has been stolen from UniCredit SpA in a hacking attack, making it one of the biggest breaches of European banking security in 2017.
UniCredit SpA, Italy’s No. 1 bank, has stated in an email that the attack occurred in September and October of last year and June and July of this year. The discovery has been made only this week.
There is only more and more cyberattacks on corporations and banks. This May and June, two types of ransomware appeared out of nowhere and attacked everyone ranging from Britain’s National Health Service to Russian oil giant Rosneft OAO.
Francesco Confuorti, chief executive officer of Advantage Financial SA, said that this was the first attack that targeted an Italian bank and that it confirms the need for IT systems to be improved, especially in Italy.
There has been an effort to improve defense against cybercrimes in Europe. Leaders like Barclays Plc, Banco Santander SA, and Deutsche Bank AG joined forces with law-enforcement officials in order to share expertise and information that should lead to creating a unified defense against this type of crimes.
Hackers can get deep into networks and operate for months before they even get detected due to the complexity of the banking computers systems, as Thomas Lemon said, a London-based managing director for technology consulting at Protiviti Ltd.
Banking IT landscape is complicated and to get to a breach itself, you have to go through a vast amount of data, Lemon continues. The history of previous attacks cannot tell you much, so you don’t know what to look for in addition to the hackers being creative and changing their strategy frequently.
The breach that is our subject today happened when the intruders gained unauthorized access to customer data through an outside company. UniCredit’s It department noticed something wrong while doing checks – some users from their external commercial partner were gaining access to client data. The bank blocked the hackers immediately, closed the breaches and updated the system, as Daniele Tonella said, the CEO of the bank’s IT unit.
IBANs, or international bank account numbers and other personal information could have been taken, the bank stated.
Tonella said that there aren’t material damages for the bank and its clients. The hackers didn’t gain access to data such as passwords.
UniCredit Bank has since invested 2.3 billion euros to upgrade and strengthen the IT systems and started an audit, and is going to file a report with the Milan prosecutor, the bank stated.
A computer emergency response team was created last year by the country’s central bank and the Association of Italian Banks in order to strengthen financial security and is now monitoring the situation.