Unicredit, the sanction of the Privacy Guarantor arrives
The violation took place by exploiting the accounts of the employees of some commercial partners of the institute: many and of particular importance were the stolen data: “data personal and contact details, profession, level of study, identification details of an identification document and information relating to the employer, salary, loan amount, payment status, approximation of the customer's credit rating and Iban code ".
This is the conclusion of the Guarantor, with which the sum of the sanction has been established and the sentence countersigned:
The Guarantor therefore, considering the relevant profiles of illic eity of the treatment determined by the failure to adopt adequate technical and organizational measures and assessed the arguments put forward by the bank, deemed it necessary to apply the sanction in order to safeguard the rights and freedoms of the persons involved, regardless of the notification of the data breach personal carried out by the bank. In determining the amount of the amount in 600 thousand euros, the Authority took into account several elements, including the fact that the violations were committed against a significant number of people and that the bank - which did not suffer previous sanctioning measures by the Guarantor - following the data breach, it adopted various measures and initiatives aimed at strengthening the security of its IT systems.
reporting to the supervisor of the violation suffered, in short, has not saved Unicredit by a penalty that is proportionate to the gravity of the failings in terms of safety, but also to the good will shown later to improve the situation.
Source: Privacy Guarantor
