UniCredit Investigating Data Breach Possibly Related to Capital One -- 2nd Update
July 31 2019 - 5:39PM
Dow Jones News
By Anuj Gangahar and Giovanni Legorano
Italian banking giant UniCredit SpA is investigating the
possibility of a data breach that the lender believes could be
related to a similar hacking incident at Capital One Financial
Corp., according to a person familiar with the matter.
The company is examining whether a directory held on a cloud
server was accessed without authorization, the person said.
UniCredit said in a statement that it had contacted the relevant
authorities and is actively investigating the matter.
"Data security and privacy are our key priorities at all times,"
the statement said.
Capital One, the fifth-largest U.S. credit-card issuer, said
Monday that a hacker accessed the personal information of
approximately 106 million card customers and applicants, one of the
largest-ever data breaches of a big bank.
The Federal Bureau of Investigation said Tuesday it seized
digital devices from the alleged hacker's home that referenced
Capital One and other companies that may have been targeted.
The alleged hacker, Paige Adele Thompson, was a former employee
at Amazon.com Inc.'s cloud division responsible for running much of
Capital One's information-technology infrastructure. Prosecutors
said Capital One failed to fully secure its firewall to wall off
data inside Amazon Web Services.
In a blog post Tuesday, cybersecurity blogger Brian Krebs
published a screenshot that purports to show a list of files
containing data that the hacker accessed. One of the files was
named "unicredit." This list was posted by Ms. Thompson to a
discussion group on the digital-messaging service Slack in late
June, according to screenshots reviewed by The Wall Street
Journal.
The files also include the names of other companies including
auto maker Ford Motor Co.
A Ford spokeswoman said the company is investigating the matter,
without elaborating further. Ford is a customer of Amazon Web
Services.
An Amazon spokesman said the company has reached out to
customers mentioned in online forums by the alleged hacker "to help
them assess their own logs for any evidence of an issue." He said
Amazon doesn't have proof "that the perpetrator in the Capital One
incident found similar application flaws in a few other
customers."
In online chats on Slack reviewed by the Journal, Ms. Thompson
claimed to have access to a massive trove of data, including files
that federal investigators had linked to the Capital One hack. The
compressed UniCredit files were more than double the size of the
Capital One files, according to the screenshots.
UniCredit's main regulator, the European Central Bank's
supervision arm, said it doesn't comment on specific banks. The arm
looks closely at cybersecurity risks at banks, including through
on-site inspections.
The ECB has permission to audit the outsourcing activities of
banks, meaning it can audit companies that provide cloud services
to a bank it supervises. Contracts between banks and outsourcing
providers must include a clause allowing the ECB to audit the
provider.
Italian banks have been slow to invest in technology as they
have struggled to digest piles of bad loans that accumulated on
their balance sheets during the financial and sovereign debt
crisis. Only three years ago, 17% of Italian banks loans, whose
face value was EUR360 billion ($401 billion), were sour, according
to the Bank of Italy.
The bad loans dented lenders profits for years, as the banks
were forced to set aside provisions for losses on loans and resort
to sell fresh shares to shore up their capital base.
UniCredit, Italy's largest bank by assets, has pushed through a
strategic plan in the past years that improved its financial
health. It raised EUR13 billion of fresh capital, sold assets, such
as an online bank and a Polish lender, got rid of billions of bad
loans and cut costs.
The bank, which has retail businesses in several European
countries and an investment banking unit, including in the U.S.,
has said it would complete the plan based on organic growth this
year.
Robert McMillan contributed to this article.
Write to Giovanni Legorano at giovanni.legorano@wsj.com
(END) Dow Jones Newswires
July 31, 2019 17:24 ET (21:24 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Unicredito (PK) (USOTC:UNCFF)
Historical Stock Chart
From Mar 2024 to Apr 2024
Unicredito (PK) (USOTC:UNCFF)
Historical Stock Chart
From Apr 2023 to Apr 2024