UniCredit, the leading bank in Italy, said that the data of approximately 400,000 of its customers was affected after a third-party provider was hacked. The name of the third party has been withheld. According to Reuters, it is one of the major attacks on an Italian financial institution.
The bank mentioned that data was stolen in two different breaches.
“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”
Paul Norris, senior systems engineer for EMEA at Tripwire, noted that these two breaches occurred in the span of a year.
“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.
Evident.io CEO Tim Prendergast said that customers expect their information to be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.
“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.
Matt Walmsley, EMEA director at Vectra Networks, said the breach is a reminder for companies to take extra care when handling sensitive data.
“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”