UniCredit SpA, Italy’s biggest bank, said data from 400,000 client accounts was accessed by hackers over the past year. The data includes personal details. The breach was discovered this week. The first breach took place in September 2016 and the last in July this year, according to a statement by the bank. It appears that the data was accessed through a third-party vendor.
This is one of the biggest breaches in Europe this year.
The number of cyberattacks is increasing as digitalisation grows rapidly.
In June, companies and governments in several nations were hit by a major cyber attack. A virus attacked hard drives of computers running Microsoft Windows and announced that data had been encrypted. Users were asked to pay $300 in bitcoins to restore access. One of the companies to be hit was Maersk, the world’s biggest shipping company.
In May, almost 50 National Health Service Trusts in the UK were hit by the WannaCry cyber-attack. Computers were encrypted and unusable in many areas, with hackers threatening that valuable files would be lost forever unless a ransom was paid.
Donato Capitella, Senior Security Consultant at MWR InfoSecurity, says, “This compromise of UniCredit customer data confirms the risks that organisations face by interconnecting their own IT systems with the ones belonging to their third-party suppliers. The risk is inherent in that the security posture of these third parties often tends to be weaker. Thus, targeting third parties offers the attackers an easier, lower resistance path into the IT systems/data belonging to their larger, critical targets. It is fundamental for organisations to come to terms with the fact that raising their security posture is essential but not sufficient, especially if they are then willing to interweave their IT systems with third parties whose security posture is insufficient.”