First, a little history. In fall of 2016, UniCredit was was hacked and the breach was only recently discovered, according to the bank. In a statement from the bank, the accounts were hacked in September and October last year, then again in June and July of this year.
The bank also said that a contractor is to blame for the breach. The bank said the hackers got away with account numbers, but it added that the accounts’ passwords had not been compromised. The bank has alo promised to upgrade it’s IT infrastructure to the tune of $2.6Billion.
So what can we learn?
Firstly, having proper procedures in place to ensure that contractors are both held accountable and are only able to access company data on a “need to know” basis, could have prevented the breach in the first place.
Secondly, upgrading the IT infrastructure proactively could have also prevented the data breach.
The lesson simple, weather the financial industry, healthcare, legal, accounting, or a mom and pop brick and mortar shop; proper procedures and keeping the business network current is no longer an option but a requirement.