Cyber Incident Victim: Unipol Banca

On September 27, 2015, hackers affiliated with Ghost Italy, an external cell of Anonymous Italia, publicly claimed responsibility for breaching Intesa Sanpaolo and Unipol Banca under the operation #OpBankDump. The group announced the attack at 17:18 via web chats typically used by Anonymous for coordination, subsequently publishing details on Ghostbin. Ghost Italy asserted they had exfiltrated 90 databases containing approximately 6,000 records of emails, phone numbers, usernames, and passwords belonging to bank users, employees, and corporate clients. The leaked data also included information linked to Wind, Enel, and Engitel, organized by domain and company affiliation. Intesa Sanpaolo confirmed the authenticity of the published data but clarified it originated from an external provider’s systems rather than their own infrastructure. The bank emphasized that the compromised passwords were encrypted versions provided to the third-party vendor, rendering them unusable for accessing actual customer accounts.

Both Intesa Sanpaolo and Unipol Banca denied unauthorized access to their internal systems when contacted by Repubblica.it. The hackers’ Ghostbin statement framed the attack as ideological retaliation against banks, accusing them of exploiting public livelihoods and failing to safeguard data despite security expenditures. Ghost Italy explicitly cited the breach as evidence of institutional negligence toward privacy, claiming Intesa Sanpaolo’s systems contained 90 vulnerable databases during their intrusion. The leaked datasets included verified phone numbers and email addresses, though no functional banking credentials were exposed. This incident followed Ghost Italy’s summer 2015 attacks on Italian police websites, which had demanded the release of detained Anonymous members involved in operations against ISIS and government agencies.