Italian bank UniCredit on Monday said it had discovered a data breach concerning the contact details of around 3 million Italian customers, contained in a four-year-old file.
“The UniCredit cyber security team has identified a data incident involving a file generated in 2015 containing a defined set of approximately 3 million records,” a statement said.
Hackers got hold of “names, city, telephone number and email only” and do not have “any bank details permitting access to customer accounts or allowing for unauthorised transactions,” it added.
The incident was reported to police and is subject to an internal investigation, and potentially affected customers are being contacted via post or email, UniCredit said.
The ANSA news agency quoted police sources as saying that the data was moved to the dark web, and that possible further data breaches were being investigated.
ANSA noted that UniCredit reported another hacking incident in July 2017, concerning the personal loan data of some 400,000 of its Italian customers.