Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Italian IT provider breach. Show all posts
ransomware data leak
Almaviva cyberattack Data Breach FS Italiane Italian IT provider breach Italy railway hack ransomware data leak

Massive Data Breach Hits Italy’s FS Italiane After Cyberattack on IT Provider Almaviva

 

Data belonging to Italy’s state-owned railway operator, the FS Italiane Group, has been exposed after a cybercriminal infiltrated the systems of its IT partner, Almaviva.

The attacker claims to have exfiltrated a massive 2.3 terabytes of information, later publishing the stolen files on a dark web forum. The individual behind the breach alleges that the dump contains confidential records and sensitive corporate material.

Almaviva, a major global IT and digital services company, provides solutions ranging from software development and systems integration to consulting and CRM platforms. According to Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, the compromised data appears to be recent and includes documents dating back to the third quarter of 2025. He dismissed speculation that the files originated from the 2022 Hive ransomware incident.

"The threat actor claims the material includes internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and even complete datasets from several FS Group companies," Draghetti says.
"The structure of the dump, organized into compressed archives by department/company, is fully consistent with the modus operandi of ransomware groups and data brokers active in 2024–2025," he added.

Almaviva employs more than 41,000 people across nearly 80 global locations and reported $1.4 billion in revenue last year. FS Italiane, entirely owned by the Italian government, is among the nation’s largest industrial enterprises, generating over $18 billion annually through its rail, transport, and logistics services.

Although initial press queries from BleepingComputer went unanswered, Almaviva later confirmed the breach in statements provided to local outlets.

“In recent weeks, the services dedicated to security monitoring identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of some data,” Almaviva said.

“Almaviva immediately activated security and counter-response procedures through its specialized team for this type of incident, ensuring the protection and full operability of critical services.”

The company added that it has notified relevant authorities, including law enforcement, Italy’s national cybersecurity agency, and the data protection authority. Government bodies are currently assisting with the ongoing investigation.

Almaviva has committed to sharing further updates as more findings become available.

It remains unknown whether any passenger information was included in the stolen data or if the breach has affected additional Almaviva clients. BleepingComputer has sent follow-up questions, but no response had been received as of publication.

In another public communication, Almaviva reiterated that it had isolated the cyberattack, stating that it resulted in “the theft of some data.”

"Almaviva immediately activated safety and response procedures through its specialized team for this type of incident, ensuring the protection and full operation of critical services," the company stated, emphasizing that business continuity plans prevented disruptions to its operations.
Read more »
Subscribe to: Comments (Atom)