Italy data protection agency fines Intesa Sanpaolo $36 million over data breach

Published by Global Banking & Finance Review

Posted on March 30, 2026

Last updated: April 1, 2026

Details of the Intesa Sanpaolo Data Breach and Fine

Overview of the Incident

MILAN, March 30 (Reuters) - Italy's data protection authority said on Monday it had fined the country's biggest bank Intesa Sanpaolo 31.8 million euro ($36.41 million) over a data breach case that involved some 3,500 customers over two years.

Extent of Unauthorized Access

According to the agency's investigation, an Intesa employee accessed banking information of 3,573 customers, carrying out more than 6,600 consultations between February 2022 and April 2024.

Internal Control Failures

"These unauthorised accesses went undetected by the bank’s internal control systems, revealing significant weaknesses in its monitoring and prevention mechanisms," the authority, known in Italy as the 'Garante', said in a statement.

Response and Consequences

Bank's Reaction

Intesa Sanpaolo did not immediately respond to a request for comment.

Impact on Customers

Among the clients affected were individuals with prominent public roles for whom enhanced control measures should have been in place, the Garante said.

Corrective Measures and Fine Calculation

In setting its fine, the authority said it took into account corrective measures subsequently adopted by the bank to strengthen its internal control systems and data security safeguards.

Additional Information

($1 = 0.8734 euros)

(Reporting by Elvira Pollina, editing by Cristina Carlevaro and Gavin Jones)

Key Takeaways

  • The Garante emphasised Intesa’s failure to promptly report the breach involving 3,500 clients, including high‑profile individuals, violating GDPR obligations (dig.watch)
  • The fine (€31.8 million) reflects both punitive and corrective intent, underscoring heightened scrutiny of internal data controls within major financial institutions (dig.watch)
  • This penalty follows an earlier €17.6 million fine imposed in March 2026 for unlawful processing of data of 2.4 million customers transferred to Isybank, indicating repeated compliance concerns (ansa.it)

Frequently Asked Questions

Why was Intesa Sanpaolo fined by Italy's data protection authority?
Intesa Sanpaolo was fined for a data breach that affected around 3,500 customers over two years.
How much was the fine imposed on Intesa Sanpaolo?
The fine was 31.8 million euros, equivalent to about $36.41 million.
How many Intesa Sanpaolo customers were affected by the data breach?
Approximately 3,500 customers were involved in the data breach.
Who reported the fine against Intesa Sanpaolo?
The fine was announced by Italy's data protection authority and reported by Reuters.
Over what period did the Intesa Sanpaolo data breach occur?
The data breach spanned a period of two years.
