UniCredit Bank Suffers "Data Incident" Exposing 3 Million Italian Customer Records (Oct 28, 2019)
The Italian banking and financial services company, UniCredit, announced that there has been a security breach in which the personal details of at least three million Italian customers was leaked. The compromised data included the names, cities, numbers and email addresses of said customers. UniCredit have not detailed publicly how the threat actors were able to compromise the Personal Identifiable information (PII) of these three million customers. but did state the attacker compromised a file created in 2015 containing the records of these customers.
Recommendation: Leaks of this sort may cause affected individuals to be at a greater risk of phishing attacks. Actors can use this information to craft custom emails to increase their chances of malicious activity being approved by the recipient. Individuals who have accounts associated to this incident should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts. Individuals should also regularly monitor their credit reports for suspicious activity or consider an identity theft protection service.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.