Violation of privacy

Intesa accounts spied on, employee: 'I acted on my own initiative, data not disclosed'. The bank: we are the injured party

Vincenzo Coviello's version of events and Intesa Sanpaolo's statement

14 October 2024

La filiale Intesa San Paolo dove lavorava l'uomo indagato per aver spiato i conti delle sorelle Meloni, Bitonto (Bari), 11 Ottobre 2024.

2' min read

"I have acted on my own initiative and have never printed or retained copies of account information, just as I have not disclosed the data viewed to anyone and have stopped accessing customer accounts since October 2023", after a confrontation with his manager, who challenged him on the abusive accesses discovered by the bank during the audit.

This is, in short, the version of the facts of Vincenzo Coviello, the Intesa Sanpaolo employee (dismissed on 8 August) contained in a letter of complaint that the bank notified to the 52-year-old on 4 July after discovering thousands of abusive accesses to the current accounts of thousands of customers. In reality, the bank contends in the letter, Coviello continued to spy on the accounts, as if nothing had happened. It emerges from the bank's records that from November 2023 to April 2024, Coviello carried out 347 abusive accesses by interrogating the accounts of 261 customers he did not manage.

Investigated Intesa: spied account customers assess compensation

Intesa Sanpaolo is formally under investigation in the investigation against Vincenzo Coviello, the former employee who, over a period of 26 months, illegally accessed the current accounts and credit cards of 3572 account holders at 679 branches. The bank, according to the investigators, allegedly violated Law 231 of 2001 on the administrative liability of legal persons. The institution, according to the prosecutors, did not promptly report the abusive accesses to the investigators. After the scandal, the lawyers of some of Coviello's victim customers requested information from the Public Prosecutor's Office in order to assess the establishment of a civil plaintiff or civil lawsuits against the bank.

The Intesa Sanpaolo Statement

An Intesa Sanpaolo spokesperson states that the bank has not received any communication from the judicial authorities and emphasises that the bank has

could proceed with the notification to the Privacy Authority and the complaint to the Public Prosecutor's Office of Bari as an injured party within the timeframe made possible by an extensive and thorough process aimed at reconstructing what happened.

Once the internal control structure highlighted the anomalies, the disciplinary procedure and the analysis of the facts immediately started, which required a complex and extensive reconstruction of what had happened. In the meantime, the Bank suspended the employee as a precautionary measure and proceeded to initiate talks with the Privacy Authority, subsequently supplementing the initial notification with developments in the matter.

The complex analysis of the facts and the consequent completion of the disciplinary procedure - in compliance with the procedures to guarantee and protect the worker - led to the dismissal in light of the serious and repeated violations of rules, regulations and internal procedures committed by the worker. Only at the end of all this was the Bank finally able to proceed to file a complaint as an injured party, on the basis of the statement of facts as reconstructed before the judicial authorities. As always, the Bank's behaviour will be based on maximum cooperation with the authorities.

Brand connect

I prossimi eventi

Tutti gli eventi

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Finance