UniCredit is fined by Garante

02.07.2020

The Italian Data Protection Authority, also known as the “Garante” (Garante per la protezione dei dati personali), has imposed a fine on UniCredit. The authority is to charge the financial services company €600,000 for major security flaws which interfered with compliance. The penalty is a pre-GDPR one, exacted from the bank for failing to conform to the Italian Personal Data Protection Code.

Three years ago, between April 2016 and July 2017, a massive data breach occurred. At the end of July the authority was notified about the incident. The personal details of 700,000 clients were affected. The compromised data included payroll data, contacts, education details, and financial details exposing bank accounts, loans, credit ratings and payment status. The data was reported to have been accessed without authorisation.

UniCredit is accused of providing insufficient protection for banking transactions and of being unable to meet the requirements introduced to ensure safe operation.