ITALY’S top bank UniCredit has been targeted in a huge hacking attack in Europe’s largest banking security breach this year.
Biographical and loan data from 400,000 client accounts was stolen in the hack as the bank insisting it “immediately took all necessary actions” to tackle the breach.
Following an attack on the same lender in September and October 2016, the latest hack, which took place in June and July was confirmed in an email statement from the bank on Wednesday.
UniCredit said both breaches were only discovered this week, and were immediately reported to Milan’s public prosecutor.
The bank stressed the security breach took place via an “Italian external trade partner”, and was not down to internal lapses.
Daniele Tonella, CEO of UniCredit Business Integrated Solutions, the IT unit of the bank, said his team detected anomalies while conducting routine checks.
He confirmed the bank immediately blocked the hackers, closed all breaches and upgraded the system.
UniCredit said international bank account numbers, also known as IBANs, and other personal information may have been taken over the period of the multiple undetected breaches.
The bank will contact affected customers and has pledged to upgrade its IT systems in a £2billion (€2.3bn) project.
In a statement the bank said: “The protection and security of its customers’ data is a top priority for UniCredit, and within the framework of the recent business plan ‘Transform 2019’, the group is investing 2.3 billion euros to strengthen and make its IT systems more and more effective.”
It is unclear what type of hack the attack was.
Francesco Confuorti, CEO of Advantage Financial SA, a Milan-based investment firm, told Bloomberg: “This is the first attack targeting an Italian bank and confirms that IT systems, particularly in Italy, need massive investment to avoid a loss of confidence.
“I expect that this case will lead to Italian banks reviewing their IT systems.”
In other parts of Europe, lenders including Barclays, Banco Santander and Deutche Bank have joined forces with law-enforcement officials as part of efforts to mount a united defence against cyber criminality.
Financial industry bosses have also started hiring intelligence personnel and approaching start-ups to improve their technology and safeguard their databases.
Thomas Lemon, a London-based managing director for technology consulting at Protiviti Ltd, says the vast complexity of banking computer systems means hackers can burrow deep into networks and operate for months undetected.
He told Bloomberg: “You have a complicated IT landscape with huge amounts of data to sift through to see if a breach is occurring.
“The bad guys are creative, and the history of past attacks doesn’t tell you the right indicators to look for, so you’re trying to find a needle in a haystack.”
Cyberattacks on major corporations and banks have stepped up in recent months.
May and June saw ransomware attacks sweep across the globe, freezing databases and knocking out entire operations with the NHS in the UK and Russian oil giant Rosneft among those targeted.
Dozens of Ukrainian lenders have been affected by the “Petya” ransomware outbreak in June, which targeted Microsoft Windows-based systems.