Italy’s largest lender has learned that attacks on an external commercial partner have left 400,000 customer records exposed.

The data breach took place in September and October of 2016 and again in June and July of this year. While no passwords were stolen, personal data and account information could have been accessed. Because the bank immediately implemented security measures, it was able to prevent repeat cyber intrusions; none of the data accessed by attackers led to any financial transactions.

Read the full story here.