UniCredit announced it has been the victim of a security breach in Italy due to unauthorized access through an Italian third party provider to Italian customer data related to personal loans only. A first breach seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017. Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods. No data, such as passwords allowing access to customer accounts or allowing for unauthorized transactions, has been affected, whilst some other personal data and IBAN numbers might have been accessed.

UniCredit has launched an audit and has informed all the relevant authorities. In the morning, UniCredit will also file a claim with the Milan Prosecutor's office. The bank has also taken immediate remedial action to close this breach. Customer data safety and security is UniCredit's top priority and as part of Transform 2019, UniCredit is investing EUR 2.3B in upgrading and strengthening its IT systems.