Founded in 1870, UniCredit is Italy’s biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 countries. They’ve been reported to suffer a severe data leak incident of at least 3 Million of its domestic customers. The attacker has compromised a 2015 file which consists of customers’ name, cities, telephone numbers and email addresses. Unicredit has confirmed that other personal details and bank details were not leaked and customers should not worry about the attackers accessing their account and performing unauthorized transactions. The company also has taken an immediate action by conducting internal investigations to verify the extent of the breach, added additional security control and notify all the affected customers.
Condition Zebra as an International IT security services, training and certification provider would like to point out our view on this matter. Even though the data breach did not include other customers’ personal details and bank details, customers should be aware that attackers will try to attempt a different attack on them such as phishing emails. Phishing email is an attempt to deceive and manipulate a customer in order to obtain customer’s personal details such as bank account details. Customers should aware when they receive any suspicious emails. To identify the characteristics of a phishing email, you can refer to our previous post here. Customers also have to keep an eye on their banking activities and if anything appears to be unusual, please report to your bank immediately.
Prevention is better than cure. We, as a committed community, would like to encourage companies whether small and medium businesses or big companies to make sure that their IT infrastructures are secured. The first step to take is to conduct a penetration testing on your infrastructures. Penetration testing is a method for testing a web application, network, or computer system to identify security vulnerabilities that could be exploited. The primary objective for security as a whole is to prevent unauthorized parties from accessing, changing, or exploiting a network or system. If you are afraid to invest without knowing how actually penetration testing works, you can try and claim our FREE penetration service today by clicking here . Although this is a free of charge (F.O.C.) service, Condition Zebra is committed to provide the best penetration testing service to you. A comprehensive report will be provided and we reassure that this is not a report generated from vulnerability scanner. Our report consists of findings from vulnerability assessment, standard penetration testing, and advanced manual testing conducted by our penetration testers.
The second step a company should take is to encourage their employees to attend cyber security trainings. Training is the main vehicle to broaden the knowledge of all employees. However, most employers consider the development opportunities to be rather expensive considering employees attending the trainings result in project delivery delay. Despite the drawbacks of developing employees’ knowledge and skills, the return on investment from training employees would save a major portion of your business cost from suffering a cyber attack. Check out our cyber security training here and find out how we assist companies in securing their systems.
Source: The Hacker News