UniCredit unveils 2015 data breach involving 3 million Italian clients

MILAN (Reuters) - UniCredit CRDI.MI has uncovered a data breach involving the personal records of 3 million domestic clients, it said on Monday, the third security incident at Italy's top bank in recent years.

FILE PHOTO: UniCredit bank logo in Milan, Italy, May 23, 2016. REUTERS/Stefano Rellandini

The lender, which said the latest breach related to a 2015 file containing emails and phone numbers of millions of Italian clients, has spent 2.4 billion euros since 2016 to upgrade its IT systems and boost cyber security.

The bank is due to present a new business plan in early December.

Unicredit said in a statement on Monday the compromised records contained no details that would allow access to customer accounts or for unauthorized transactions to be carried out.

The bank is contacting potentially affected customers by post or via online banking notifications, it said.

An internal investigation is ongoing and a spokesman for UniCredit said no details could be disclosed on how the breach happened.

Initial evidence of the incident emerged last Thursday and was confirmed at the weekend, prompting UniCredit to immediately inform all relevant authorities including the police, the company spokesman said.

The Italian police said separately they were carrying out checks in relation to the unauthorized access to the UniCredit file to see if any crimes had been committed.

UniCredit has been victim in the past of two separate suspected hacker attacks which took place in September-October 2016 and June-July 2017, affecting 400,000 Italian customers.

Those attacks had been carried out via an external commercial partner which UniCredit did not identify, the bank said at the time.

The spokesman said the latest incident was not in any way related to the previous episodes.

Shares in UniCredit were down 0.4% by 1211 GMT on Monday, in line with the sector index .FTIT8300.

Reporting by Francesca Landini and Valentina Za; Editing by Jan Harvey