
What do we know about the data breach at Intesa Sanpaolo?



<html xmlns="http://www.w3.org/1999/xhtml"><head><title>RPT-EXPLAINER-What do we know about the data breach at Intesa Sanpaolo?</title></head><body>

Adds dropped word 'do' in lead

By Valentina Za

MILAN, Oct 22 (Reuters) - Prosecutors in the southern Italian city of Bari are investigating an alleged data breach at the country's biggest bank Intesa Sanpaolo (ISP.MI), in which Prime Minister Giorgia Meloni's account may have been accessed.

Here is what we know about the incident so far.


WHAT HAPPENED?

An Intesa employee at a branch in the small town of Bitonto, close to Bari in the Puglia region, is alleged to have accessed the current account data of around 3,500 customers, including many high-profile figures such as Meloni and her predecessor Mario Draghi, between February 2022 and April 2024.


WAS THE SYSTEM HACKED?

There has been no cybersecurity breach, Intesa has said. The employee worked in Intesa's agricultural business, an industry where many companies are so small, often a single-person enterprise, that assessing their credit standing means looking at account data. The person had authorisation to access the data.


WHAT KIND OF DATA ACCESS DO INTESA STAFF NORMALLY HAVE?

Aside from employees in specific roles, such as online support staff who need access to all customer accounts, Intesa employees only have visibility on clients whose data they need to see to perform their duties. For example, it could be the data of clients of the branch where they work.

HOW DOES THE CONTROL SYSTEM WORK?

The system is designed to detect anomalies, such as a single account being accessed too frequently over a period of time.

There is no alert threshold linked to the number of data requests by a single employee with permission, who would normally perform hundreds of transactions every day.

The rogue Intesa employee is alleged to have abusively accessed the accounts of around 3,500 customers about 6,600 times, but this was spread over the course of 500 working days, making it difficult for the system to detect anything out of the ordinary.

The control system aims to protect the privacy of all clients and contains no trigger linked to politically exposed people, a category which is relevant instead for checks against money laundering and transaction monitoring.
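A sketch of why the per-account frequency rule described above stays quiet for this access pattern, as an added example (not Reuters' or Intesa's code). The log is constructed from the article's figures (about 6,600 accesses to about 3,500 accounts over 500 working days); the employee IDs, the thresholds, the 20 routine lookups a day and the second rule, which compares distinct accounts per employee against the peer median, are assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

def build_log():
    """Constructed sample: (day, employee, account) events over 500 working days."""
    log, n = [], 0
    for day in range(500):
        for emp in ("E1", "E2", "E3", "E4"):         # routine work: 20 lookups a day (assumed)
            base = int(emp[1]) * 10_000              # each employee has a 150-account portfolio
            log += [(day, emp, base + (day * 20 + k) % 150) for k in range(20)]
        for _ in range(14 if day % 5 == 0 else 13):  # E4 also views ~13 unrelated accounts a day
            log.append((day, "E4", 90_000 + n % 3500))
            n += 1
    log += [(10, "E2", 20_007)] * 12                 # a burst on one account, for contrast
    return log

def per_account_alerts(log, window=30, limit=8):
    """Rule as the article describes it: one account accessed too often in a period."""
    hits = Counter((acct, day // window) for day, _, acct in log)
    return sorted({acct for (acct, _), count in hits.items() if count > limit})

def breadth_alerts(log, factor=3):
    """Assumed extra rule: distinct accounts per employee compared with the peer median."""
    seen = defaultdict(set)
    for _, emp, acct in log:
        seen[emp].add(acct)
    typical = median(len(accts) for accts in seen.values())
    return {emp: len(accts) for emp, accts in seen.items() if len(accts) > factor * typical}

if __name__ == "__main__":
    events = build_log()
    print("per-account rule flags accounts:", per_account_alerts(events))
    print("breadth rule flags employees:", breadth_alerts(events))
```

On this sample the per-account rule reports only the burst account, because each of the 3,500 browsed accounts is touched at most twice and months apart, while the breadth rule singles out E4.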


WERE THE DATA EXPORTED?

Based on the internal checks Intesa has conducted, no data was downloaded, a person close to the matter told Reuters.

WHAT DID INTESA DO?

Intesa has said that once the internal control system flagged an anomaly and initial checks confirmed the irregularities, it started a disciplinary procedure against the employee and a "comprehensive" audit process to get a full picture of the events.

The employee was suspended from work pending the results of the investigation as a precaution, and Intesa informed Italy's data protection authority, providing updates as it probed the matter internally.

Intesa dismissed the employee due to "serious and repeated violations of internal rules, regulations and procedures" after completing the analysis of the events and the disciplinary process. At that point it was also in a position to file a complaint with prosecutors.

The magistrates were already at work because an Intesa customer had filed a complaint with them when the bank informed that customer of the breach of their account.

The bank issued a public apology on Oct. 13, created a security division and last week appointed as its head a recently retired senior police officer.



Reporting by Valentina Za; Editing by Sharon Singleton

</body></html>
