Intesa Sanpaolo has been fined €31.8 million by the Italian Data Protection Authority (Garante della Privacy) for failing to prevent an employee from spying on thousands of bank accounts, including those of politicians and celebrities. The Authority found that the bank violated the standards of personal data integrity and confidentiality by allowing certain operators to access all client data through its systems. Furthermore, the Authority believes the bank violated the concept of accountability, which requires businesses that handle personal data to follow standards in accordance with European legislation. The matter arose in 2024, when an unusual amount of access to specific bank accounts were recorded. The accesses were determined to have been made by Vincenzo Coviello, an employee of the Bitonto branch in Puglia, who is now being investigated for unlawful access to IT systems and attempted procurement of state security information. The Guarantor considered the severity and duration of the violations, the vast number of customers implicated (6,637 accesses to the accounts of 3,573 people), and the institution's corrective steps in response to the occurrences when establishing the amount of the fine. Intesa is Italy's largest bank, with a market capitalization of more than €100 billion.