Italian regulators fined Intesa Sanpaolo β¬31.8 million after an investigation found an employee improperly accessed banking information for 3,573 customers between February 2022 and April 2024 and internal controls failed to detect the unauthorized queries. The Italian Data Protection Authority also faulted the bank for delayed and incomplete breach notifications and inadequate protections for high-risk public-figure accounts. #IntesaSanpaolo #ItalianDataProtectionAuthority
Keypoints
- An Intesa Sanpaolo employee accessed 3,573 customersβ banking data without authorization from February 2022 to April 2024.
- Internal monitoring and prevention mechanisms failed to detect or block the unauthorized, wide-ranging queries.
- The compromised accounts included high-risk and public-figure customers who required strengthened controls.
- Notifications to affected customers were reportedly incomplete and were delivered after legal deadlines.
- The Italian Data Protection Authority imposed a β¬31.8 million fine for serious technical and organizational shortcomings.
Read More: https://therecord.media/italian-regulator-fines-financial-giant-36-million