UniCredit joins ranks of financial services data breaches

01 September 2017

An Italian bank has become the latest financial services company to suffer a data breach, as the sector continues to present an attractive target to cyber criminals.

In July, Italy’s largest bank UniCredit SpA admitted a major data breach in what is thought to be one of the country’s largest breaches, and one of the biggest breaches of European banking security this year. 

Hackers stole biographical and loan data from 400,000 client accounts in two incidents, the first in September and October of 2016 and the second in June and July of this year. According to media reports, the 2016 breach had gone undiscovered until it was revealed by investigations following the July attack. 

Cyber-crime Magnet

Financial institutions tend to have higher levels of cyber security when compared with other sectors but they remain an attractive target for cyber criminals. 

The UniCredit incident follows the hacking of Tesco Bank in 2016 and a massive distributed denial of service (DDos) attack against Lloyds Bank earlier this year. More recently, payday loan provider Wonga warned that 250,000 of its customers may have been affected by a data breach after hackers stole personal data, including names, addresses bank account numbers and sort codes. 

According to IBM, financial services are a magnet for cyber criminals, being the most-attacked industry in 2016 — financial services firms were 65% more likely to have suffered a data breach than the average organisation. It also found data breaches in the financial services sector are increasing – the number of attacks rose 29% while more than 200 million financial services records were breached in 2016, a 937% rise over 2015. 

Steady Rise

IBM’s findings were supported by statistics from the Information Commissioner’s Office (ICO) that showed a 23% increase in data breaches among UK financial services companies in 2016/17. 

Banks, insurers and other financial companies reported 140 data breaches to the ICO in the year to the end of March, up from 114 the previous year. This compares with 88 data breaches reported in 2012-13, a 59% rise over the past five years. 

According to law firm RPC, while cyber criminals are targeting banks and insurers, they are also paying more attention to smaller firms like independent financial advisors. ICO figures showed that financial advisers have experienced a 96% increase in the number of reported data breaches, up from 25 to 49. Insurance companies experienced the biggest rise in data breaches - the number of breaches doubled to 32 in 2016/17. 

The number of reported data breaches is expected to increase further next year with the introduction of new EU data protection law, the General Data Protection Regulation. This will require companies to report data breaches to the regulator within 72 hours.

Download Cyber Decoder

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com



Find out more

Read our Cyber Risks & Insurance Insights

Read more

Receive our monthly cyber risk newsletter