Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Intesa Sanpaolo

Intesa Sanpaolo Vendor Cyber Rating & Cyber Score

intesasanpaolo.com

Intesa Sanpaolo è il maggior gruppo bancario in Italia con una significativa presenza internazionale. Il suo business model distintivo la rende leader a livello europeo nel Wealth Management, Protection & Advisory e ne caratterizza l’orientamento al digitale. I’impegno in ambito ESG prevede, entro il 2025, €115 miliardi di finanziamenti impact e contributi per 500 milioni a supporto delle persone in difficoltà. Gallerie d’Italia, è la sede espositiva del patrimonio artistico della banca e di progetti artistici di riconosciuto valore. https://group.intesasanpaolo.com/it/ _______________ Intesa Sanpaolo is the largest banking group in Italy with a significant international presence. Its distinctive business model makes it a European leader


Intesa Sanpaolo A.I CyberSecurity Scoring

Intesa Sanpaolo
Company Information
Website:http://www.group.intesasanpaolo.com
Employees number:54,522
Number of followers:608,599
NAICS:52211
Industry Type:Banking
Homepage:intesasanpaolo.com
Intesa Sanpaolo Risk Score (AI oriented)
Between 600 and 649
logo
Intesa SanpaoloBanking
Updated:
02/04/2026
624/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Intesa Sanpaolo Global Score (TPRM)
xxxx
logo
Intesa SanpaoloBanking
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Intesa Sanpaolo
Intesa SanpaoloPoor
Current Score
624Caa (POOR)
01000
5 incidents
-56 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
651Before Incident
JUNE 2026
646Before Incident
MAY 2026
637Before Incident
APRIL 2026
624Before Incident
MARCH 2026
700Before Incident
Breach
30 Mar 2026Intesa Sanpaolo
Intesa Sanpaolo: Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach

Intesa Sanpaolo Data Breach and GDPR Violation

626After Incident
CRITICAL-74
INT1774888779
Italian Data Protection Authority Fines Intesa Sanpaolo €36 Million for Major Data Breach Italy’s data protection authority (Garante per la Protezione dei Dati Personali) has imposed a €36 million fine on Intesa Sanpaolo, one of the country’s largest banking groups, following a significant data breach. The penalty stems from violations of the EU’s General Data Protection Regulation (GDPR), including inadequate security measures that exposed sensitive customer data. The breach, which came to light in 2025, involved unauthorized access to personal and financial information of millions of Intesa Sanpaolo customers. While the exact timeline of the incident remains undisclosed, the regulator determined that the bank failed to implement sufficient safeguards to prevent the exposure, leading to the hefty fine. The case underscores the growing scrutiny of financial institutions over GDPR compliance, particularly in handling large-scale customer data. Intesa Sanpaolo has not publicly disputed the fine but has indicated plans to enhance its cybersecurity protocols in response. The decision serves as a reminder of the legal and financial consequences for organizations failing to protect user data under EU privacy laws.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: €36 million (fine)Data Compromised: Personal and financial informationBrand Reputation Impact: Likely significantLegal Liabilities: GDPR violationIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Personal informationFinancial informationNumber Of Records Exposed: MillionsSensitivity Of Data: HighPersonally Identifiable Information: Yes
FEBRUARY 2026
696Before Incident
JANUARY 2026
693Before Incident
DECEMBER 2025
728Before Incident
Breach
22 Dec 2025Intesa Sanpaolo
AOL, Yahoo and IAB Transparency & Consent Framework: guce

690After Incident
LOW-38
INTYAHIAB1766434075
Major Data Collection Practices Revealed by Leading Digital Publishers A recent disclosure highlights how over 1,000 companies—including 242 participating in the IAB Transparency & Consent Framework (TCF)—collect and process user data across websites and apps. These entities store and access device information (such as cookies) and leverage precise geolocation data, IP addresses, browsing history, and search activity for purposes like analytics, personalized advertising, content measurement, and audience research. The data collection spans multiple platforms, including Yahoo, AOL, Engadget, In The Know, and Makers, and tracks metrics like visitor counts, device types (iOS/Android), browser usage, and session duration. While aggregated and not tied to individual users, the practice raises transparency concerns, particularly given the scale of third-party involvement. Users retain the ability to withdraw consent or adjust preferences via "Privacy & Cookie Settings" or "Privacy Dashboard" links on these platforms. However, the disclosure underscores the extensive reach of data-sharing networks in digital advertising and content delivery, with implications for user privacy and regulatory compliance. The incident reflects broader industry trends in cross-site tracking and targeted advertising, where consent frameworks play a central role in managing data access.
INCIDENT DETAILS -
TYPE
Data Collection and Tracking
MOTIVATION
Analytics, Personalized Advertising, Content Measurement, Audience Research
IMPACT
Data Compromised: Device information, geolocation data, IP addresses, browsing and search dataSystems Affected: Websites and apps owned and operated by Yahoo, AOL, Engadget, In The Know, MakersIdentity Theft Risk: Potential risk due to collection of personal data
DATA BREACH
Type Of Data Compromised: Device information, geolocation data, IP addresses, browsing and search dataSensitivity Of Data: High (personal data including precise geolocation and browsing history)Personally Identifiable Information: Yes (IP address, browsing and search data, geolocation)
NOVEMBER 2025
727Before Incident
OCTOBER 2025
725Before Incident
SEPTEMBER 2025
723Before Incident
AUGUST 2025
721Before Incident
JULY 2024
748Before Incident
Breach
01 Jul 2024Intesa Sanpaolo
Intesa Sanpaolo: Italian regulator fines financial giant $36 million for data protection failures

Italian Regulators Fine Intesa Sanpaolo €31.8M for Unauthorized Customer Data Access

690After Incident
CRITICAL-58
INT1774895581
Italian Regulators Fine Intesa Sanpaolo €31.8M for Unauthorized Customer Data Access Italian regulators imposed a €31.8 million ($36 million) fine on Intesa Sanpaolo, one of the country’s largest financial institutions, for improperly accessing the banking data of over 3,500 customers over a two-year period. The Italian Data Protection Authority (DPA) cited "serious shortcomings in personal data security" due to inadequate technical and organizational safeguards. The investigation, triggered by a data breach disclosed by the bank in July 2024, revealed that an employee accessed the accounts of 3,573 customers between February 2022 and April 2024 without legitimate justification. The DPA noted that internal controls failed to detect these unauthorized accesses, exposing critical weaknesses in monitoring and prevention mechanisms. The bank’s system allowed unrestricted queries of the entire customer database, lacking sufficient safeguards to flag improper activity. Among the affected customers were "high-risk" individuals, including public figures, whom the regulator stated should have been subject to enhanced protections. The DPA also criticized Intesa Sanpaolo’s response to the breach, citing incomplete and delayed notifications to impacted customers, which violated legal deadlines. The fine reflects the severity and duration of the violations, the number of affected individuals, and the bank’s post-discovery remediation efforts. Intesa Sanpaolo has not publicly commented on the penalty.
INCIDENT DETAILS -
TYPE
Unauthorized Data Access
IMPACT
Financial Loss: €31.8M fineData Compromised: Banking data of 3,573 customersSystems Affected: Customer databaseOperational Impact: Weaknesses in monitoring and prevention mechanismsBrand Reputation Impact: YesLegal Liabilities: Regulatory fines and violationsIdentity Theft Risk: YesPayment Information Risk: Yes
DATA BREACH
Type Of Data Compromised: Banking data, personally identifiable informationNumber Of Records Exposed: 3,573Sensitivity Of Data: High (included high-risk individuals such as public figures)Personally Identifiable Information: Yes
JANUARY 2024
799Before Incident
Breach
01 Jan 2024Intesa Sanpaolo
Intesa Sanpaolo: Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals

Intesa Sanpaolo Data Breach: Two-Year Undetected Insider Threat Exposes Monitoring Failures

740After Incident
CRITICAL-59
INT1775118228
Intesa Sanpaolo Data Breach: Two-Year Undetected Insider Threat Exposes Monitoring Failures Italy’s Intesa Sanpaolo bank faced a €31.8 million fine after a single employee accessed the personal data of over 3,500 customers including politically exposed and high-profile individuals without authorization over a period of more than two years. The breach, uncovered by Italy’s Data Protection Authority (Garante per la Protezione dei Dati Personali), revealed critical gaps in the bank’s monitoring systems, which failed to detect the slow, repeated misuse of access. According to Secretary General Luigi Montuori, the bank’s controls were ill-equipped to identify low-volume, time-distributed unauthorized access, a common blind spot in enterprise security. Rather than triggering alerts through large or unusual spikes, the employee’s activity remained undetected by relying on gradual, dispersed patterns a flaw in systems that prioritize volume over behavioral anomalies. While there is no confirmed evidence of data exfiltration or external misuse, the regulator deemed the prolonged unauthorized access a high-risk violation, reflecting a broader shift in enforcement where exposure alone warrants regulatory action. The breach prompted Intesa Sanpaolo to implement post-incident measures, including enhanced monitoring, stricter access controls, and dedicated task forces for anomaly detection. However, these safeguards were introduced only after the damage had already occurred. The case underscores the challenges of insider threats, particularly in sectors where broad internal access to sensitive data is standard. The failure to flag repeated access to high-profile individuals highlights systemic issues in risk definition and monitoring, serving as a warning for organizations relying on traditional detection methods. The incident’s implications extend beyond banking, demonstrating how insider threats often evade detection until it’s too late.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: €31.8 million (fine)Data Compromised: Personal data of over 3,500 customersOperational Impact: Enhanced monitoring and stricter access controls implemented post-incidentBrand Reputation Impact: HighLegal Liabilities: Regulatory violationIdentity Theft Risk: High (politically exposed and high-profile individuals)
DATA BREACH
Type Of Data Compromised: Personal dataNumber Of Records Exposed: 3,500+Sensitivity Of Data: High (politically exposed and high-profile individuals)Data Exfiltration: No confirmed evidencePersonally Identifiable Information: Yes
FEBRUARY 2022
825Before Incident
Breach
01 Feb 2022Intesa Sanpaolo
Intesa Sanpaolo: Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach

Intesa Sanpaolo Fined for Undetected Employee Data Breach Affecting 3,573 Customers

785After Incident
CRITICAL-40
INT1774888625
Intesa Sanpaolo Fined for Undetected Employee Data Breach Affecting 3,573 Customers Italy’s data protection authority, the Garante, has imposed a fine on Intesa Sanpaolo after an internal investigation revealed a prolonged breach of customer data by one of its employees. Between February 2022 and April 2024, the employee accessed the banking information of 3,573 clients, conducting over 6,600 unauthorized consultations all without detection by the bank’s internal controls. The Garante highlighted critical flaws in Intesa Sanpaolo’s monitoring systems, noting that the breach included high-profile individuals who should have been subject to stricter safeguards. While the bank has since implemented corrective measures to bolster its data security, the authority factored these improvements into its penalty decision. Intesa Sanpaolo has not yet responded to requests for comment. The case underscores persistent vulnerabilities in financial institutions’ ability to prevent insider threats.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Banking information of 3,573 clientsOperational Impact: Critical flaws in monitoring systemsBrand Reputation Impact: YesLegal Liabilities: Fines imposed by GaranteIdentity Theft Risk: YesPayment Information Risk: Yes
DATA BREACH
Type Of Data Compromised: Banking informationNumber Of Records Exposed: 3,573 clients, 6,600 unauthorized consultationsSensitivity Of Data: High (included high-profile individuals)Personally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Intesa Sanpaolo ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Intesa Sanpaolo's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Intesa Sanpaolo ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Intesa Sanpaolo's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?