IT systems of the Italian bank UniCredit were breached, causing millions of customer records to be exposed. The bank verified the breach and stated that the affected customer records came from an older file created in 2015. Reuters affirmed that no details that would give attackers access to bank accounts and payment information were included with the exposed files. Unicredit is Italy’s largest bank by assets; the bank has invested around €2.4bn to help bolster security. Although companies in the financial sector have spent an increasing amount of money on cybersecurity, the cost of dealing with security incidents has also risen by about 40%. The reported cost of an incident increased from $13 million USD in 2014 to $18 million USD in 2017.
Companies should have a crisis response team in place to help identify the source of the breach and what was compromised. Law enforcement should be contacted as soon as possible, and a collaborative investigation should be carried out. Fluent communication between the breached company and customers or patrons who could have been affected is key. Customers should also keep a close eye on their accounts after a breach occurs and report any suspicious activity to the appropriate parties. More information regarding this incident can be found here: https://www.infosecurity-magazine.com/news/unicredit-breach-affects-three, https://uk.reuters.com/article/us-unicredit-cyber/unicredit-hit-by-data-breach-of-italian-client-records-idUKKBN1X70HM