By Paola Arosio and Gianluca Semeraro
MILAN (Reuters) - Suspected hackers have accessed client data of Italy's biggest lender, UniCredit <CRDI.MI>, in two attacks in the past 10 months and affected about 400,000 Italian customers, the most serious data breach ever reported by a major Italian lender.
No passwords were stolen in the attacks, which first occurred in September and October of 2016 and again in June and July of this year, but personal and banking details could have been accessed, UniCredit said in a statement.
The attacks were carried out through an external commercial partner, which UniCredit did not identify. Wednesday's statement also did not describe how the intruders accessed the data nor when the bank became aware of the first intrusion.
- PHOTOS: New art and old relics at Mickey Mouse's NYC gallery 25 Pictures
- PHOTOS: See Yes on 3 supporters react to historic transgender rights Question 3 win 11 Pictures
- PHOTOS: A look back at Queen performing in the 1970s and 1980s 22 Pictures
- All of these celebrities have had their nudes leaked 35 Pictures
- PHOTOS: A look at Idris Elba's style through the years 20 Pictures
- PHOTOS: Heidi Klum's annual Halloween party and other amazing celebrity costumes 17 Pictures
- These are the spookiest cities per capita in the U.S. 5 Pictures
- Food Network star talks pumpkin carving 1 Pictures
- Who is Alexander Edwards, Amber Rose's new boyfriend? 9 Pictures
- Is Cardi B pregnant again? This tweet has people guessing 6 Pictures
- Natural Museum's best wildlife photos of the year 5 Pictures
A source familiar with the matter said the bank had only uncovered the data breaches between Monday and Tuesday.
"The bank immediately adopted all necessary measures to prevent a repeat of such intrusions," the bank said, adding that it had notified law-enforcement authorities.
The head of UniCredit's information technology unit, Daniele Tonella, said none of the data accessed by the attackers allowed any financial transaction to be carried out.
"We don't know why this data was acquired," he told Reuters, adding that it also did not know who was behind the attacks.
Attacks on banks in recent years have become more sophisticated and resulted in mounting financial losses.
They have evolved beyond data breaches, in which personal information are stolen, to include denial-of-service attacks which have knocked out access to online banking services for up to several days and even intrusions into core banking systems.
Last November, attackers stole more than 2.5 million pounds ($3.25 million) from Tesco Bank in Britain's largest disclosed cyber heist.
UniCredit shares were down 0.9 percent at 16.87 euros in late morning trade.
(Additional reporting by Silvia Aloisi; Editing by Mark Bendeich and Edmund Blair)