UniCredit turns to biometrics after data breach
01 November 2019 13:20 GMT

Italy's UniCredit has said its cyber security team has identified a data incident involving a file generated in 2015 containing a defined set of approximately 3 million records limited to the Italian perimeter.

In June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions. This new process requires a onetime password or biometric identification  further reinforcing its strong security and client protection. 

The accessed records consisted of names, city, telephone number and email only. Consequently no other personal data or any bank details permitting access to customer accounts or allowing for unauthorized transactions have been compromised.

UniCredit immediately launched an internal investigation and has informed all the relevant authorities, including the police.

The bank is contacting all potentially affected persons exclusively by post and / or online banking notifications. 

The firm said customer data safety and security is UniCredit's top priority and since the 2016 launch of Transform 2019, the Group has invested an additional 2.4 billion euro in upgrading and strengthening its IT systems and cyber security.