Italy's UniCredit says personal financial data of some 400,000 customers who took out loans through the bank have been hijacked by unauthorised third parties.
The bank blames the breach on an Italian third party provider of customer reference data. A first break in seems to have occurred in September and October 2016 and a second breach which has just been identified in June and July 2017.
"Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods," the bank states. "No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected, whilst some other personal data and Iban numbers might have been accessed."
UniCredit has launched an audit and intends to file a claim with the Milan Prosecutor's office.
Says the bank: "Customer data safety and security is UniCredit's top priority and as part of Transform 2019, UniCredit is investing 2.3 billion euro in upgrading and strengthening its IT systems."