Italy's privacy watchdog raps Intesa over data breach incident
MILAN, Nov 5 (Reuters) -Italy's data protection authority said on Tuesday Intesa Sanpaolo ISP.MI had underestimated the seriousness of a data breach incident involving thousands of customers, widely reported to include Prime Minister Giorgia Meloni.
Last month the authority asked the bank to provide clarification over the case involving an Intesa employee who allegedly accessed the data of about 3,500 clients.
At the time, Intesa said the employee had been suspended pending the results of a criminal investigation, and that it had informed the data protection authority and was also probing the matter internally.
But the authority said in a statement on Tuesday that the bank had not adequately informed it about the extent of the breach, which became apparent later thanks to press reports and was only confirmed subsequently by Intesa.
"Contrary to the bank's assessment... the breach of the personal data represents a high risk for the rights and the freedoms of the individuals concerned," the authority said.
It said the potential consequences of the breach had included disclosure of information on the financial status of individuals and reputational damage.
The data protection watchdog instructed the bank to inform all customers whose data has been violated within 20 days.
It said it would assess the adequacy of the security measures the bank has put in place and ordered it to provide feedback within 30 days.
Intesa said in a statement it had already started working to respond to the authority's requests.
It said ensuring the highest level of security for its customers' data was a priority and it had already enhanced its systems and control procedures.
Intesa also said that the number of the affected customers was lower than was initially indicated by press reports, without giving a figure, and there was no evidence the data had been shared outside the bank.
Reporting by Elvira Pollina, additional reporting by Valentina Za, editing by Alvise Armellini and Gavin Jones
Related Assets
Latest News
Disclaimer: The XM Group entities provide execution-only service and access to our Online Trading Facility, permitting a person to view and/or use the content available on or via the website, is not intended to change or expand on this, nor does it change or expand on this. Such access and use are always subject to: (i) Terms and Conditions; (ii) Risk Warnings; and (iii) Full Disclaimer. Such content is therefore provided as no more than general information. Particularly, please be aware that the contents of our Online Trading Facility are neither a solicitation, nor an offer to enter any transactions on the financial markets. Trading on any financial market involves a significant level of risk to your capital.
All material published on our Online Trading Facility is intended for educational/informational purposes only, and does not contain – nor should it be considered as containing – financial, investment tax or trading advice and recommendations; or a record of our trading prices; or an offer of, or solicitation for, a transaction in any financial instruments; or unsolicited financial promotions to you.
Any third-party content, as well as content prepared by XM, such as: opinions, news, research, analyses, prices and other information or links to third-party sites contained on this website are provided on an “as-is” basis, as general market commentary, and do not constitute investment advice. To the extent that any content is construed as investment research, you must note and accept that the content was not intended to and has not been prepared in accordance with legal requirements designed to promote the independence of investment research and as such, it would be considered as marketing communication under the relevant laws and regulations. Please ensure that you have read and understood our Notification on Non-Independent Investment. Research and Risk Warning concerning the foregoing information, which can be accessed here.
