UniCredit has been hit by a data attack, the Italian bank said this morning.
Approximately 400,000 customers are thought to have been affected by two breaches.
UniCredit admitted that some personal data and IBAN numbers might have been accessed.
The bank said it had launched an audit and informed the relevant authorities.
In a statement, UniCredit said it had “been the victim of a security breach in Italy due to unauthorised access through an Italian third party provider to Italian customer data related to personal loans only”.
It revealed that the first breach “seems to have occurred” in September and October 2016, while the second was between June and July this year.
“Data of approximately 400,000 customers in Italy is assumed to have been impacted during these two periods,” the bank said.
“No data, such as passwords allowing access to customer accounts or allowing for unauthorised transactions, has been affected, whilst some other personal data and IBAN numbers might have been accessed.”
UniCredit said it would be filing a claim with the Milan prosecutor’s office and “has also taken immediate remedial action to close this breach”.