The Intesa Sanpaolo data breach was not just the result of unauthorized access, it was a failure of detection that lasted for more than two years. In an exclusive response to The Cyber Express, Italy’s data protection authority has now clarified that the bank’s monitoring systems were not equipped to identify repeated, low-volume misuse of access over time.

The Intesa Sanpaolo data breach, which has already led to a €31.8 million fine, involved a single employee accessing the data of over 3,500 customers without any valid business reason.

While earlier findings established the scale of the incident, the latest response explains why it continued undetected for so long. Intesa Sanpaolo Data ...