Unicredit he finished it yesterday before purchasing, stage of purchasing program of ordinary shares for a total of 2,5 (2,499) billion. The information was provided by Goldman Sachs International, as the appointed intermediary. The buyback program started last October and at the end of 2023, 1,4 billion had already been purchased. In detail, following the cancellation of treasury shares which occurred last January 16, the credit institution, led by Andrea Orcel, holds 37.815.422 treasury shares equal to 2,20% of the share capital, which it intends to cancel as established from the resolution of the shareholders' meeting of 27 October 2023.
Dividend: final value per share rises to 1,8029 euros, above the provisional of 1,7950
Now that the first tranche of the 2023 buy-back program has been completed, the value final of dividend per share referring to the 2023 financial year and which will be paid during 2024 was set at 1,8029 euros, more than the provisional figure of 1,7950 euros anticipated to the market on 29 February. The total amount of dividends that the bank has proposed to distribute to the shareholders' meeting is 3,014 billion euros.
In 2023, the bank's buyback program generated earnings per share (EPS) of 4,71 euros, tripling the average for the 2017-2019 period. The dividend per share (DPS) was 1,78 euros, recording a nine-fold increase compared to the average in the period 2017-2019. Furthermore, the Tangible Book Value per share rose to 33,3 euros, representing an increase of 46,0% compared to the average in the 2017-2019 period.
Il stock on the stock exchange it is decreasing. In the late morning it was at 36,53 euros with a loss of 1,29% against a growth of 0,02% in the entire list.
2,8 million fine from the Privacy Guarantor
According to observers, the news of the mega may also weigh on the price sanction da 2,8 million imposed yesterday at the institute in Piazza Gae Aulenti by Privacy guarantor for a violation of personal data (data breach) occurred in 2018, which involved thousands of customers and former clients.
From the checks carried out by the Authority - following the receipt of the data breach notification by the bank - it emerged that the violation had occurred due to a massive cyber attack, perpetrated by cybercriminals, to the mobile banking portal. The attack had caused the illicit acquisition of the name, surname, tax code and identification code of approximately 778 thousand customers and former customers and, for over 6.800 of the "attacked" customers, it had also led to the identification of the portal access PIN.
During the complex preliminary investigation, the Guarantor detected several violations of the privacy legislation. In particular, the Authority ascertained that the bank he had not adopted measures techniques and security capable of effectively countering any cyber attacks and preventing its customers from using weak PINs (such as those composed of sequences of numbers or coinciding with the date of birth). In defining the amount of the fine at 2 million and 800 thousand euros, the Guarantor took into account the high number of subjects involved in the personal data breach, the seriousness of the same and the economic capacity of the bank. However, the timely adoption of corrective measures, the information and support initiatives implemented for customers and the fact that the breach did not concern banking data were considered mitigating factors.
UniCredit responded to the sanction by underlining that the Guarantor's decision concerns an incident dating back to 2018 which affected a fraction of Italian customers without any compromise of bank data, an incident which was also immediately resolved and notified in compliance with current legislation. There bank will appeal the decision before the competent Court. “The security of customer data is an absolute priority for UniCredit, which as part of the Unlocked 2022-2024 industrial plan is investing 2,8 billion euros in technology and new skills, with the aim of making its IT systems, further strengthen security and expand the offering of digital services for customers,” we read in a note.
The guarantor also sanctions Ntt Data Italia, responsible for carrying out the security tests
With the adoption of a second provision the Authority also intervened against Ntt Data Italy, the company in charge of carrying out the safety tests, sanctioning it with a fine of 800 thousand euros. From the checks carried out by the Guarantor, it emerged in particular that Ntt Data Italia had communicated to UniCredit the violation of its customers' personal data beyond the deadline set by the Regulation and only after the bank had become aware of it through its own communication systems. internal monitoring. Furthermore, Ntt Data Italia had subcontracted the execution of vulnerability assessment and penetration testing activities to another company, without prior authorization from the bank as data controller, which instead had expressly prohibited the assignment to third parties parts of these activities.
Ntt Data's reply
Ntt Data Italia declares that "it could not in any way detect or be aware of a violation of personal data on the customer's systems, considering that the services for monitoring security infrastructures and detecting attempted cyber attacks (Threat Detection) thus such as those for managing IT incidents (Incident Handling) were not among the activities entrusted to it". Ntt Data Italia, "following an in-depth analysis of the provision issued by the Authority, has decided to appeal the decision before the competent Court".
