UniCredit is fined by Garante

The Italian Data Protection Authority, also known as the “Garante” (Garante per la protezione dei dati personali), has imposed a fine on UniCredit. The authority is to charge the financial services company €600,000 for major security flaws that interfered with compliance. The pre-GDPR penalty is imposed on the bank for failing to conform to the Italian Personal Data Protection Code.

Three years ago, between April 2016 and July 2017, a massive data breach occurred. The authority was notified of the incident at the end of July. The personal details of 700,000 clients were affected. The compromised data included payroll data, contacts, education details, financial details exposing bank accounts, loans, credit ratings and payment status. The data was reported to have been accessed without authorisation.

UniCredit is accused of providing insufficient protection for banking transactions and of being unable to meet the requirements introduced to ensure safe operation.
