Intesa Sanpaolo Fined €31.8M for Data Breach Affecting 3,500+ Customers

Severity: High (Score: 66.0)

Sources: Thecyberexpress, Therecord.Media

Summary

Intesa Sanpaolo faced a €31.8 million penalty from Italy's data protection authority due to a data breach affecting over 3,500 customers. The breach, which lasted more than two years, involved unauthorized access to sensitive banking information by a single employee who made over 6,600 queries. The investigation revealed serious shortcomings in the bank's data security measures, including ineffective internal monitoring systems that failed to detect the anomalous access. The breach included data from high-risk individuals, such as public figures and politically exposed persons, raising concerns about the adequacy of oversight. The bank's notification to customers was delayed and incomplete, limiting their ability to respond effectively. The incident highlighted significant violations of GDPR provisions regarding data integrity and accountability.

Key Points

  • Intesa Sanpaolo fined €31.8 million for a data breach affecting over 3,500 customers.
  • Unauthorized access by an employee went undetected for over two years, raising security concerns.
  • The breach involved sensitive data of high-risk individuals, including public figures.

Key Entities

  • Data Breach (attack_type)
  • Intesa Sanpaolo (company)
  • Intesa Sanpaolo SpA (company)
  • Italy (country)
  • Financial (industry)