Intesa Sanpaolo A.I CyberSecurity Scoring
Intesa Sanpaolo
Company Information
Website:http://www.group.intesasanpaolo.com
Employees number:54,522
Number of followers:608,599
NAICS:52211
Industry Type:Banking
Homepage:intesasanpaolo.com
Intesa Sanpaolo Risk Score (AI oriented)
Between 600 and 649
Intesa SanpaoloBanking
Updated:
02/04/2026
02/04/2026
624/1000
Poor
Caa
Intesa Sanpaolo Global Score (TPRM)
xxxx
Intesa SanpaoloBanking
Score locked

Intesa SanpaoloPoor
Current Score
624Caa (POOR)
01000
5 incidents
-56 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
651
JUNE 2026
646
MAY 2026
637
APRIL 2026
624
MARCH 2026
700
Breach
30 Mar 2026 • Intesa Sanpaolo
Intesa Sanpaolo: Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach
Intesa Sanpaolo Data Breach and GDPR Violation
626
CRITICAL-74
INT1774888779
Italian Data Protection Authority Fines Intesa Sanpaolo €36 Million for Major Data Breach
Italy’s data protection authority (Garante per la Protezione dei Dati Personali) has imposed a €36 million fine on Intesa Sanpaolo, one of the country’s largest banking groups, following a significant data breach. The penalty stems from violations of the EU’s General Data Protection Regulation (GDPR), including inadequate security measures that exposed sensitive customer data.
The breach, which came to light in 2025, involved unauthorized access to personal and financial information of millions of Intesa Sanpaolo customers. While the exact timeline of the incident remains undisclosed, the regulator determined that the bank failed to implement sufficient safeguards to prevent the exposure, leading to the hefty fine.
The case underscores the growing scrutiny of financial institutions over GDPR compliance, particularly in handling large-scale customer data. Intesa Sanpaolo has not publicly disputed the fine but has indicated plans to enhance its cybersecurity protocols in response. The decision serves as a reminder of the legal and financial consequences for organizations failing to protect user data under EU privacy laws.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
696
JANUARY 2026
693
DECEMBER 2025
728
Breach
22 Dec 2025 • Intesa Sanpaolo
AOL, Yahoo and IAB Transparency & Consent Framework: guce
690
LOW-38
INTYAHIAB1766434075
Major Data Collection Practices Revealed by Leading Digital Publishers
A recent disclosure highlights how over 1,000 companies—including 242 participating in the IAB Transparency & Consent Framework (TCF)—collect and process user data across websites and apps. These entities store and access device information (such as cookies) and leverage precise geolocation data, IP addresses, browsing history, and search activity for purposes like analytics, personalized advertising, content measurement, and audience research.
The data collection spans multiple platforms, including Yahoo, AOL, Engadget, In The Know, and Makers, and tracks metrics like visitor counts, device types (iOS/Android), browser usage, and session duration. While aggregated and not tied to individual users, the practice raises transparency concerns, particularly given the scale of third-party involvement.
Users retain the ability to withdraw consent or adjust preferences via "Privacy & Cookie Settings" or "Privacy Dashboard" links on these platforms. However, the disclosure underscores the extensive reach of data-sharing networks in digital advertising and content delivery, with implications for user privacy and regulatory compliance. The incident reflects broader industry trends in cross-site tracking and targeted advertising, where consent frameworks play a central role in managing data access.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
727
OCTOBER 2025
725
SEPTEMBER 2025
723
AUGUST 2025
721
JULY 2024
748
Breach
01 Jul 2024 • Intesa Sanpaolo
Intesa Sanpaolo: Italian regulator fines financial giant $36 million for data protection failures
Italian Regulators Fine Intesa Sanpaolo €31.8M for Unauthorized Customer Data Access
690
CRITICAL-58
INT1774895581
Italian Regulators Fine Intesa Sanpaolo €31.8M for Unauthorized Customer Data Access
Italian regulators imposed a €31.8 million ($36 million) fine on Intesa Sanpaolo, one of the country’s largest financial institutions, for improperly accessing the banking data of over 3,500 customers over a two-year period. The Italian Data Protection Authority (DPA) cited "serious shortcomings in personal data security" due to inadequate technical and organizational safeguards.
The investigation, triggered by a data breach disclosed by the bank in July 2024, revealed that an employee accessed the accounts of 3,573 customers between February 2022 and April 2024 without legitimate justification. The DPA noted that internal controls failed to detect these unauthorized accesses, exposing critical weaknesses in monitoring and prevention mechanisms. The bank’s system allowed unrestricted queries of the entire customer database, lacking sufficient safeguards to flag improper activity.
Among the affected customers were "high-risk" individuals, including public figures, whom the regulator stated should have been subject to enhanced protections. The DPA also criticized Intesa Sanpaolo’s response to the breach, citing incomplete and delayed notifications to impacted customers, which violated legal deadlines.
The fine reflects the severity and duration of the violations, the number of affected individuals, and the bank’s post-discovery remediation efforts. Intesa Sanpaolo has not publicly commented on the penalty.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2024
799
Breach
01 Jan 2024 • Intesa Sanpaolo
Intesa Sanpaolo: Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals
Intesa Sanpaolo Data Breach: Two-Year Undetected Insider Threat Exposes Monitoring Failures
740
CRITICAL-59
INT1775118228
Intesa Sanpaolo Data Breach: Two-Year Undetected Insider Threat Exposes Monitoring Failures
Italy’s Intesa Sanpaolo bank faced a €31.8 million fine after a single employee accessed the personal data of over 3,500 customers including politically exposed and high-profile individuals without authorization over a period of more than two years. The breach, uncovered by Italy’s Data Protection Authority (Garante per la Protezione dei Dati Personali), revealed critical gaps in the bank’s monitoring systems, which failed to detect the slow, repeated misuse of access.
According to Secretary General Luigi Montuori, the bank’s controls were ill-equipped to identify low-volume, time-distributed unauthorized access, a common blind spot in enterprise security. Rather than triggering alerts through large or unusual spikes, the employee’s activity remained undetected by relying on gradual, dispersed patterns a flaw in systems that prioritize volume over behavioral anomalies.
While there is no confirmed evidence of data exfiltration or external misuse, the regulator deemed the prolonged unauthorized access a high-risk violation, reflecting a broader shift in enforcement where exposure alone warrants regulatory action. The breach prompted Intesa Sanpaolo to implement post-incident measures, including enhanced monitoring, stricter access controls, and dedicated task forces for anomaly detection. However, these safeguards were introduced only after the damage had already occurred.
The case underscores the challenges of insider threats, particularly in sectors where broad internal access to sensitive data is standard. The failure to flag repeated access to high-profile individuals highlights systemic issues in risk definition and monitoring, serving as a warning for organizations relying on traditional detection methods. The incident’s implications extend beyond banking, demonstrating how insider threats often evade detection until it’s too late.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2022
825
Breach
01 Feb 2022 • Intesa Sanpaolo
Intesa Sanpaolo: Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach
Intesa Sanpaolo Fined for Undetected Employee Data Breach Affecting 3,573 Customers
785
CRITICAL-40
INT1774888625
Intesa Sanpaolo Fined for Undetected Employee Data Breach Affecting 3,573 Customers
Italy’s data protection authority, the Garante, has imposed a fine on Intesa Sanpaolo after an internal investigation revealed a prolonged breach of customer data by one of its employees. Between February 2022 and April 2024, the employee accessed the banking information of 3,573 clients, conducting over 6,600 unauthorized consultations all without detection by the bank’s internal controls.
The Garante highlighted critical flaws in Intesa Sanpaolo’s monitoring systems, noting that the breach included high-profile individuals who should have been subject to stricter safeguards. While the bank has since implemented corrective measures to bolster its data security, the authority factored these improvements into its penalty decision.
Intesa Sanpaolo has not yet responded to requests for comment. The case underscores persistent vulnerabilities in financial institutions’ ability to prevent insider threats.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Intesa Sanpaolo ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in June 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in May 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in April 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in March 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in February 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in January 2026 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in December 2025 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in November 2025 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in October 2025 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in September 2025 ??
What was Intesa Sanpaolo's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Intesa Sanpaolo's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Intesa Sanpaolo ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Intesa Sanpaolo's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?