According to reliable sources, Italian bank UniCredit has recognized a breach of its IT systems impacting a staggering 3 million customer records.
The creditor confirmed on Monday that a file produced in 2015 comprising three million records pertaining to Italian clients had been involved in the incident.
Nevertheless, no details which could give cybercriminals access to these clients’ bank accounts or payment information had been reached.
That’s contrary to a main 2016 breach revealed two years ago in which 400,000 were accessed by attackers in September and October. They were only exposed around nine months later.
Since then, the bank claimed that it has invested an additional €2.4bn in upgrading and solidifying its IT systems and cybersecurity.
The importance of the data uncovered in the newly reported breach, and whether GDPR investigators will seek to penalize the company, is not yet clear.
For more information about Data Breach: What you need to know about Data Breach
In spite of financial services companies spending heavily on cybersecurity, the average cost of cybercrime for the sector augmented by over 40%, from $13m per company in 2014 to $18m in 2017. On the contrary, the average cost per firm for other sectors is just under $12m, according to a report.