UniCredit Bank has revealed that its servers have become victims of a hacker attack. In their statement, they admit that their security has been breached twice over the last year. September and October 2016 is when the first successful attack has occurred. The second breach took place in June and July of 2017. It wasn't until the second attack that UniCredit Bank admitted that something was wrong. Apparently, the breach was detected during a routine security check, according to the CEO of the IT department of UniCredit Bank, Daniele Tonella.
UniCredit Bank has taken the necessary steps in such an event. They claim to have halted the attack, upgraded their system, and secured their servers. The bank has also started a revision of their systems and is in touch with the appropriate institution, which in this case is Milan Prosecutor's Office.
What Information Was Compromised
According to the bank's report, a total of 400,000 accounts have been compromised. Unicredit Bank claims that the fault for this incident probably lies with an Italian third-party that also has access to the data. Since this third-party was responsible for personal loans, the data that has been exposed might be particularly sensitive. The cyber crooks may have gotten their hands on customers' addresses, names, and even IBANs (international bank account numbers). Fortunately, the passwords of the victims have remained uncompromised, and thus far no suspicious activity in their bank accounts has been detected. Still, the bank has announced a free hotline (800 323285) for clients who have become victims of the attack or have any valuable information regarding the case.
Who Were The Attackers
As to who are the cyber criminals behind this attack, there's no information at all. Despite the fact that the bank is supposedly contacted the authorities and is working with them to identify the hackers and resolve the issue we have to consider the nature of the attack. This means that it's likely that the crooks will never be discovered and held responsible for their mess.
Banking Security Vulnerabilities Loom
As a security measure, UniCredit Bank announced that they are going to update all their systems of which the total cost would be €2,3bn (or approximately $2,7bn). This was mentioned in the statement that the bank released where they specifically stress that the safety of their clients is their top priority, so the huge investment in the update is completely justified. This plan they've introduced is called “Transform 2019”.
In an interview with Bloomberg, Thomas Lemon, an expert working for Protiviti Ltd., emphasized the danger that such attacks pose to bank all over the world. He claimed that due to the complexity of technology and the enormous amounts of data involved in banking, a skilled hacker could sneak into the system and operate for months upon months without being detected.
The past few months have marked an increase in the attacks on banks. On the 11th of July, the customers of Australia and New Zealand Banking Group were targeted with a vicious and very well-crafted email spam campaign as a part of a phishing scam. Later that month the clients of another bank were terrorized by cyber crooks. This time the bank was Bank of America, but the method was the same – phishing. Often institutions and businesses tend to overlook security threats and choose not to update their systems because of the huge costs involved. Some, however, learn the hard way that this isn't a good idea. Like UniCredit Bank. It's not ethical to risk the security of the people who have trusted you with their savings, just to save on some expenses. Hopefully, more banks will realize this sooner rather than later.