Hacker attack on Unicredit: 3 million customers' data stolen



Florence, 11 November 2019. Some Unicredit account holders received a letter from the bank; others found the same communication hidden away in their home banking profile, while sifting through one of those sub-pages whose existence so many of us barely notice: following an "unauthorized access", the name, surname, municipality and province of reference, mobile phone number and email address of 3,000,000 (three million …) Unicredit customers were stolen.

This is a report received from one of our users:
"Dear sirs,
what should we say or do in similar cases? Unicredit has not sent any e-mail or text message to send important documentation, nor, by accessing internet banking, do you have any documentation to read. Out of curiosity, today I wanted to open all the categories of documents; in one of these, called "other documents" and never opened before, a letter warning me miraculously appears: "an unauthorized access to data relating to its customers was identified" etc. etc., to follow the recommended "safety handbook" for current account holders. It looks like a joke … after the damage. They steal my data from you and you tell me to pay attention! But what should I do now that my data is in the hands of who knows who, and who knows who knows what will be done with it? (sorry for the pun) I don't know what to say about it, really embarrassing, worrying, disarming … I would like to ask if there are "serious" suggestions that you can give in these cases to protect us, to respond to the bank, to be compensated for the damage (?) or so … saying that "only" personal data has been stolen, as if it were a small thing … but really? What else will we never know? Thanks for always listening politely, and sorry for the outburst. Best regards"

It is not the first time this has happened.
On July 25, 2017, Unicredit reported to the Guarantor for the protection of personal data a computer intrusion to the detriment of 762,000 customers, during which personal and contact details, profession, level of education and identity document details were stolen, as well as information on the employer, salary, loan amount, payment status, "approximation of the customer's credit rating" and IBAN.

On 22 October 2018, Unicredit reported to the Guarantor for the protection of personal data a cyber attack in which 735,519 personal identification codes used to access home banking were identified and, of these, 6,859 passwords were identified, which Unicredit blocked. Because of what happened, the Guarantor ordered Unicredit to notify each affected customer of the hack and the nature of the violation, to give the name and contact details of the data protection officer or other contact point where they can get more information, to describe the probable consequences of the violation of personal data, and to describe the measures adopted or proposed for adoption by the data controller to remedy the violation of personal data and also, if necessary, to mitigate its possible negative effects.

This latest hacker attack has resulted in access to an impressive amount of data (3 million names, surnames, phone numbers and email addresses) but, in our opinion, Unicredit has not yet effectively communicated what happened to its customers:
– it has published a press release, not on the website used by account holders but on the Unicredit Group website, so few will read it (probably only those who, like us, have specifically searched for it);
– the text of the press release does not explain when the attack took place but merely states that the stolen data was part of a 2015 file (which means very little, since so many people still have the same name, surname, phone number and email address as in 2015);
– the paper letters it is sending to customers to inform them of the incident are, in our opinion, not sufficiently clear and explicit in explaining what the consequences of such a theft may be. The bank "limits" itself to recalling that the theft concerned "exclusively personal data" (as if it were irrelevant data) and that, since access credentials were not stolen, it is up to individual customers not to disclose personal codes and passwords, since Unicredit never asks for such data by email or telephone;
– the communication sent via home banking comes, according to what some users tell us, without alerts or notifications of important communications: it has been placed in the depths of the home banking profile and is not immediately visible or adequately flagged.

We have therefore sent a report to the Guarantor for the protection of personal data, asking it to order Unicredit to communicate, in an appropriate manner, to all the customers involved what happened and the possible consequences of the violation of personal data, and to describe the measures taken to remedy the violation and to mitigate its possible negative effects.
We suggest that our users not underestimate the incident. The damage that can result from the theft is particularly serious, because this is data that uniquely and directly identifies a person: it can be used as search keys to identify the person concerned and consequently to access other information relating to them, and it could be used to target phone calls or phishing messages for fraudulent purposes. As a precautionary measure, it would be advisable to change the e-mail address and telephone number, to ask Unicredit to provide clear and complete information on what has happened and, if this does not happen, to send a report to the Privacy Guarantor and consider changing bank.

Emmanuela Bertucci, Aduc lawyer

PRESS RELEASE OF THE ADUC
Association for user and consumer rights




Source link
https://www.notizieora.it/attacco-hacker-a-unicredit-rubati-dati-di-3-milioni-di-clienti/
