Italian DPA fines UniCredit $3M over data breach GDPR lapses
By 
Kyle Brasseur2024-03-11T15:54:00
The Italian data protection authority, Garante, announced a fine of 2.8 million euros (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation (GDPR) regarding insufficient security measures the bank had in place during a cyberattack.
The penalty, assessed in February but revealed by Garante in a translated newsletter Thursday, came in response to a 2018 data breach at UniCredit that exposed the information of hundreds of thousands of customers.
UniCredit said in an emailed statement it would challenge the regulator’s decision.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefSpanish DPA dings retailer Uniqlo $294K over GDPR violations
Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.
-
News BriefCzech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
-
News BriefAT&T: Data leak exposed info of 73M customers onto dark web
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
More from Regulatory Enforcement
-
News BriefTreasury reversal of OFAC sanctions against Tornado Cash signals eroding AML scrutiny
The U.S. Treasury Department lifted its sanctions against cryptocurrency mixer Tornado Cash on Friday after a federal appeals court ruled in November the penalty levied by the agency’s Office of Foreign Assets Control was an overreach.
-
PremiumRTX and Raytheon: A case study in juggling four compliance monitors
In October 2024, aerospace and defense company Raytheon and parent company RTX reached a $950 million settlement with U.S. government agencies to resolve multiple federal law violations. More significant than the criminal penalties were the four compliance monitorships that came with the agreements.
-
News BriefCCO who was ‘sole person controlling’ investment firm charged with recidivist concentration violations
An investment company and its founder, president, and chief compliance officer flagrantly kept violating mutual fund rules for multiple years after settling with the Securities and Exchange Commission, the SEC said in a complaint against the company.