UNCFF Unicredito SPA (PK)

By Anuj Gangahar and Giovanni Legorano 

Italian banking giant UniCredit SpA is investigating the possibility of a data breach that the lender believes could be related to a similar hacking incident at Capital One Financial Corp., according to a person familiar with the matter.

The company is examining whether a directory held on a cloud server was accessed without authorization, the person said. UniCredit said in a statement that it had contacted the relevant authorities and is actively investigating the matter.

"Data security and privacy are our key priorities at all times," the statement said.

Capital One, the fifth-largest U.S. credit-card issuer, said Monday that a hacker accessed the personal information of approximately 106 million card customers and applicants, one of the largest-ever data breaches of a big bank.

The Federal Bureau of Investigation said Tuesday it seized digital devices from the alleged hacker's home that referenced Capital One and other companies that may have been targeted.

The alleged hacker, Paige Adele Thompson, was a former employee at Amazon.com Inc.'s cloud division responsible for running much of Capital One's information-technology infrastructure. Prosecutors said Capital One failed to fully secure its firewall to wall off data inside Amazon Web Services.

In a blog post Tuesday, cybersecurity blogger Brian Krebs published a screenshot that purports to show a list of files containing data that the hacker accessed. One of the files was named "unicredit." This list was posted by Ms. Thompson to a discussion group on the digital-messaging service Slack in late June, according to screenshots reviewed by The Wall Street Journal.

The files also include the names of other companies including auto maker Ford Motor Co.

A Ford spokeswoman said the company is investigating the matter, without elaborating further. Ford is a customer of Amazon Web Services.

An Amazon spokesman said the company has reached out to customers mentioned in online forums by the alleged hacker "to help them assess their own logs for any evidence of an issue." He said Amazon doesn't have proof "that the perpetrator in the Capital One incident found similar application flaws in a few other customers."

In online chats on Slack reviewed by the Journal, Ms. Thompson claimed to have access to a massive trove of data, including files that federal investigators had linked to the Capital One hack. The compressed UniCredit files were more than double the size of the Capital One files, according to the screenshots.

UniCredit's main regulator, the European Central Bank's supervision arm, said it doesn't comment on specific banks. The arm looks closely at cybersecurity risks at banks, including through on-site inspections.

The ECB has permission to audit the outsourcing activities of banks, meaning it can audit companies that provide cloud services to a bank it supervises. Contracts between banks and outsourcing providers must include a clause allowing the ECB to audit the provider.

Italian banks have been slow to invest in technology as they have struggled to digest piles of bad loans that accumulated on their balance sheets during the financial and sovereign debt crisis. Only three years ago, 17% of Italian banks loans, whose face value was EUR360 billion ($401 billion), were sour, according to the Bank of Italy.

The bad loans dented lenders profits for years, as the banks were forced to set aside provisions for losses on loans and resort to sell fresh shares to shore up their capital base.

UniCredit, Italy's largest bank by assets, has pushed through a strategic plan in the past years that improved its financial health. It raised EUR13 billion of fresh capital, sold assets, such as an online bank and a Polish lender, got rid of billions of bad loans and cut costs.

The bank, which has retail businesses in several European countries and an investment banking unit, including in the U.S., has said it would complete the plan based on organic growth this year.

Robert McMillan contributed to this article.

Write to Giovanni Legorano at giovanni.legorano@wsj.com

(END) Dow Jones Newswires

July 31, 2019 17:24 ET (21:24 GMT)

Copyright (c) 2019 Dow Jones & Company, Inc.