UniCredit has just announced in an official statement that its servers were breached by hackers, with details of approximately 400,000 clients said to be exposed.

The bank explained that hackers managed to get inside its systems in Italy twice in the last 12 months. The first hack took place in September and October 2016, while the second attack happened in June and July this year, with the latter discovered by the company’s security department, triggering an in-depth investigation.

UniCredit says the breach was possible through a third-party working with customer data related to personal loans, so hackers were likely capable of accessing information like name, addresses, and IBAN numbers. Passwords were not compromised, and no unauthorized transactions were detected.

“UniCredit has launched an audit and has informed all the relevant authorities. In the morning, UniCredit will also file a claim with the Milan Prosecutor's office. The bank has also taken immediate remedial action to close this breach,” the company says in a statement today.

Police investigation already under way

No hacking group claimed the breach, and there’s a good chance that the identity of the attackers will never be determined, though the bank says that it has already started an internal investigation and will contact the Milan Prosecutor’s office in this regard.

“For immediate information, customers should contact UniCredit's dedicated toll-free number 800 323285 or their regular branch customer services team. In addition, UniCredit will be contacting affected customers through specific channels, not including email or phone calls,” UniCredit explains.

Little is known about the attack itself, but there’s a good chance it’s not related in any way to the recent ransomware outbursts that impacted tens of banks and other companies across the world. Ransomware known as WannaCry and Petya encrypted files on thousands of systems across the world, including financial institutions in Europe and the United States.

UniCredit says that it managed to detect the unauthorized access earlier this month, blocking the hackers and upgrading systems to prevent further breaches.