On March 7, 2024, the Italian data protection authority (Garante) announced in its newsletter decision n. 65 of February 8, 2024, in which it imposed a fine of €2.8 million on UniCredit S.p.A. for violations of the General Data Protection Regulation (GDPR). Background to the decision On October 22, 2018, UniCredit notified the Garante of a data breach following a cyberattack on the online banking system for the mobile web channel which resulted in the illicit acquisition of the personal data of some customers. The personal data acquired included customer names, surnames, and the tax code and internal identification code of the bank, with the exclusion of the customer's bank details. UniCred