Italian bank UniCredit has identified a breach of its IT systems affecting millions of customer records, according to breaking reports.
The lender confirmed on Monday that a file created in 2015 containing three million records relating to Italian clients had been involved in the incident.
However, no details which could give hackers access to these customers’ bank accounts or payment information had been accessed, according to Reuters.
That’s in contrast to a major 2016 breach disclosed two years’ ago in which 400,000 were accessed by attackers in September and October. They were only discovered around nine months later.
Since that time, Italy’s largest bank by assets claimed that it has “invested an additional €2.4bn in upgrading and strengthening its IT systems and cybersecurity,” according to the report.
Time will tell on the significance of the data exposed in the newly reported breach, and whether GDPR investigators will seek to punish the firm.
UniCredit is by no means the only bank to be singled out for attention. The financial services sector is a popular target for cyber-criminals: data compiled by Bitglass last year claimed US lenders suffered three-times more data breaches in the first six months of 2018 than during the same period in 2016.
These included an insider theft of 1.5m customer details at SunTrust Bank.
Despite financial services firms spending a great deal on cybersecurity, the average cost of cybercrime for the sector increased by over 40%, from $13m per firm in 2014 to $18m in 2017. By contrast, the average cost per firm for other sectors is just under $12m, according to Accenture.
In the UK, regulator the Financial Conduct Authority (FCA) saw the number of data breaches reported to it grow by 480% from 2017 to 2018.