Source: Information Security Buzz
It has been reported today that UniCredit SpA have announced that hackers accessed about 400,000 client bank accounts in Italy, taking biographical and loan data in one of the biggest breaches in Europe to date.
The breaches occurred in September and October of 2016 and June to July of this year, the bank said on Wednesday in an emailed statement. Unauthorized access through an Italian third party provider gave access to some customer data related to personal loans, with the lender saying IBAN numbers and other personal data may also have been accessed. IT security experts commented below.
Donato Capitella, Senior Security Consultant at MWR InfoSecurity:
“This compromise of UniCredit customer data confirms the risks that organisations face by interconnecting their own IT systems with the ones belonging to their third party suppliers. The risk is inherent in that the security posture of these third parties often tends to be weaker. Thus, targeting third parties offers the attackers an easier, lower resistance path into the IT systems/data belonging to their larger, critical targets. We have repeatedly observed evidence of this crime displacement effect in our own experience both on the offensive and incident response side.
“It is fundamental for organisations to come to terms with the fact that raising their security posture is essential but not sufficient, especially if they are then willing to interweave their IT systems with third parties whose security posture is insufficient. They have to mandate higher security standards if they do not want to see all of their security investment undermined by the security weaknesses of their partners. At the same time, third parties that can demonstrably step up their security game will become preferred over time, and will undoubtedly have a higher chance to win important contacts in the future.”
David Emm, Principal Researcher at Kaspersky Lab:
This news is an alarming reminder that anybody’s online information can…
Click here to read more