UniCredit has uncovered a data breach affecting the personal records of more than three million Italian customers.
In a statement, the bank says the exposure involved a file generated in 2015 that stored the names, city, telephone number and email of three million customer accouns.
UniCredit says no other personal data or any bank details permitting access to customer accounts or allowing for unauthorised transactions have been compromised.
The bank says it has launched an internal investigation and has informed all the relevant authorities, including the police.
"Since 2016, the Group has invested an additional 2.4 billion euro in upgrading and strengthening its IT systems and cyber security," the bank states. "In June 2019, the Group implemented a new strong identification process for access to its web and mobile services, as well as payment transactions. This new process requires a onetime password or biometric identification further reinforcing its strong security and client protection."
This is not the first time UniCredit account data has been lifted. In July 2017, the lender said hackers had accessed client data in two separate attacks, in September and October 2016, affecting 400,000 Italian customers.