What do we know about the data breach at Intesa Sanpaolo?
Adds dropped word 'do' in lead
By Valentina Za
MILAN, Oct 22 (Reuters) -Prosecutors in the southern Italian city of Bari are investigating an alleged data breach at the country's biggest bank Intesa Sanpaolo ISP.MI, in which Prime Minister Giorgia Meloni's account may have been accessed.
Here is what we know about the incident so far.
WHAT HAPPENED?
An Intesa employee at a branch in the small town of Bitonto, close to Bari in the Puglia region, is alleged to have accessed the current account data of around 3,500 customers, including many high profile figures such as Meloni and her predecessor Mario Draghi between February 2022 and April 2024.
WAS THE SYSTEM HACKED?
There has been no cybersecurity breach, Intesa has said. The employee worked in Intesa's agricultural business, an industry where many companies are so small, often a single-person enterprise, that assessing their credit standing means looking at account data. The person had authorisation to access the data.
WHAT KIND OF DATA ACCESS DO INTESA STAFF NORMALLY HAVE?
Aside from employees in specific roles, such as online support staff who need access to all customer accounts, Intesa employees only have visibility on clients whose data they need to see to perform their duties. For example, it could be the data of clients of the branch where they work.
HOW DOES THE CONTROL SYSTEM WORK?
The system is designed to detect anomalies, such as a single account being accessed too frequently over a period of time.
There is no alert threshold linked to the number of data requests by a single employee with permission, who would normally perform hundreds of transactions every day.
The rogue Intesa employee is alleged to have abusively accessed the accounts of around 3,500 customers about 6,600 times, but this was spread over the course of 500 working days, making it difficult for the system to detect anything out of the ordinary.
The control system aims to protect the privacy of all clients and contains no trigger linked to politically exposed people, a category which is relevant instead for checks against money laundering and transaction monitoring.
WERE THE DATA EXPORTED?
Based on the internal checks Intesa has conducted, no data was downloaded, a person close to the matter told Reuters.
WHY DID INTESA INTESA DO?
Intesa has said that once the internal control system flagged an anomaly and initial checks confirmed the irregularities, it started a disciplinary procedure against the employee and a "comprehensive" audit process to get a full picture of the events.
The employee was suspended from work pending the results of the investigation as a precaution, and Intesa informed Italy's data protection authority, providing updates as it probed the matter internally.
Intesa dismissed the employee due to "serious and repeated violations of internal rules, regulations and procedures" after completing the analysis of the events and the disciplinary process. At that point it was also in a position to file a complaint with prosecutors.
The magistrates were already at work because an Intesa customer had filed a complaint with them, when the bank informed them of the breach to their account.
The bank issued a public apology on Oct.13, created a security division and last week appointed as its head a recently retired senior police officer.
Reporting by Valentina Za; Editing by Sharon Singleton
Related Assets
Latest News
Disclaimer: The XM Group entities provide execution-only service and access to our Online Trading Facility, permitting a person to view and/or use the content available on or via the website, is not intended to change or expand on this, nor does it change or expand on this. Such access and use are always subject to: (i) Terms and Conditions; (ii) Risk Warnings; and (iii) Full Disclaimer. Such content is therefore provided as no more than general information. Particularly, please be aware that the contents of our Online Trading Facility are neither a solicitation, nor an offer to enter any transactions on the financial markets. Trading on any financial market involves a significant level of risk to your capital.
All material published on our Online Trading Facility is intended for educational/informational purposes only, and does not contain – nor should it be considered as containing – financial, investment tax or trading advice and recommendations; or a record of our trading prices; or an offer of, or solicitation for, a transaction in any financial instruments; or unsolicited financial promotions to you.
Any third-party content, as well as content prepared by XM, such as: opinions, news, research, analyses, prices and other information or links to third-party sites contained on this website are provided on an “as-is” basis, as general market commentary, and do not constitute investment advice. To the extent that any content is construed as investment research, you must note and accept that the content was not intended to and has not been prepared in accordance with legal requirements designed to promote the independence of investment research and as such, it would be considered as marketing communication under the relevant laws and regulations. Please ensure that you have read and understood our Notification on Non-Independent Investment. Research and Risk Warning concerning the foregoing information, which can be accessed here.
