Italian DPA fines UniCredit $3M over data breach GDPR lapses
By 
Kyle Brasseur2024-03-11T15:54:00
The Italian data protection authority, Garante, announced a fine of 2.8 million euros (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation (GDPR) regarding insufficient security measures the bank had in place during a cyberattack.
The penalty, assessed in February but revealed by Garante in a translated newsletter Thursday, came in response to a 2018 data breach at UniCredit that exposed the information of hundreds of thousands of customers.
UniCredit said in an emailed statement it would challenge the regulator’s decision.
Related articles
-
News BriefSpanish DPA dings retailer Uniqlo $294K over GDPR violations
Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.
-
News BriefCzech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
-
News BriefAT&T: Data leak exposed info of 73M customers onto dark web
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
More from Regulatory Enforcement
-
News BriefCFPB shutdown appears imminent, enforcement transferred to DOJ
The Consumer Financial Protection Bureau is reportedly transferring its enforcement caseload to the DOJ, one of multiple indicators telegraphing its eminent shutdown.
-
ArticleRussian web company that hosted LockBit ransomware sanctioned
Two Russian web-hosting services that provide cover for ransomware operators, including Lockbit, have been sanctioned by the U.S. Treasury’s OFAC and international partners.
-
News BriefDOJ secures $118 million penalty in FCPA violation case tied to Guatemalan telecom firm
The parent company of a telecom subsidiary in Guatemala agreed to pay $118.2 million to settle allegations of improper payments made to government officials, but the U.S. Department of Justice chose not to impose a compliance monitor to administer the firm’s compliance with the Foriegn Corrupt Practices Act (FCPA).