Unicredit servers attacked, data of 3 million users stolen

The bank lets it know that a file containing the data of 3 million users has been stolen. Important not to respond to email or SMS alerts

Bad news for Unicredit account holders: unknown hackers have managed to break into the bank's servers and steal a file containing about 3 million records. This is the third major data theft (the first in size but, fortunately, not in severity) against the bank's customers in just two years.

The file, created in 2015, contained data from as many users of the bank, which are now in the possession of cybercriminals. Unicredit is taking steps to warn affected customers by sending paper letters or notifications on its mobile banking app. The bank, on the other hand, is not and will not in the future warn any customers in any other way. And this is important to know, in order to minimize the risks arising from this blatant theft of personal data: do not respond to any phone calls or text messages inviting you to change your Unicredit account login credentials. But what kind of data is involved? What do Unicredit account holders risk?

They are not sensitive data

Unicredit specifies that they are personal data, but not sensitive data. This means that it is not enough data to access users' online bank accounts and perform transactions. The stolen file, in fact, contained names, surnames, phone numbers and email addresses of about three million users.

What Unicredit account holders risk

With name, surname, phone and email, a hacker cannot easily breach a bank account: the access code and password are missing. However, with those data you can set up a massive phishing campaign, through which you can ask users to provide the missing data. For these reasons it is good to reiterate that Unicredit is warning users only and only via mail and via app (hackers do not have available, after the theft, the home addresses and the codes to access the app).

Unicredit data theft: it is not the first time

Although the risk for users is not high, this theft is a very bad figure for Unicredit. Which, by the way, in the past of far more serious thefts has suffered others. In 2017, Unicredit suffered the theft of the data of 400 thousand account holders who had applied for personal loans, while exactly one year ago, in October 2018, the names, surnames, tax codes and identification codes of 730 thousand users were stolen. Even the passwords of 6,859 users had been stolen. Luckily, however, at the time Unicredit reacted in time and managed to block any suspicious access to the accounts in question.