Italy’s data watchdog slams Intesa over data breach

The top bank failed to adequately report the incident.

 City, Architecture, Building, Office Building, Door, Chair, Furniture, Urban, Shop, Sign, Symbol

Italy’s data protection authority has criticised Intesa Sanpaolo for underestimating the severity of a data breach that affected thousands of customers, including Prime Minister Giorgia Meloni. The breach, which involved an Intesa employee accessing the data of around 3,500 clients, was initially reported with a higher number of affected individuals. However, the bank later clarified that the number was lower than what had been reported in the media.

The data watchdog instructed Intesa to notify all impacted customers within 20 days and noted that the bank had not adequately communicated the full scope of the breach. The authority emphasised that the breach posed a significant risk to the affected individuals’ rights and freedoms, including potential harm to their financial status and reputation. Intesa had already dismissed the employee involved and informed both the data protection authority and prosecutors.

The authority is now reviewing the bank’s security measures and has asked Intesa to provide an update within 30 days. In response, the bank assured that it had prioritised customer data security and had taken steps to enhance its systems and control procedures. Intesa also stated there was no evidence that the data had been shared outside the bank.