Data from Italy’s nationwide railway operator, the FS Italiane Group, has been uncovered after a risk actor breached the group’s IT companies supplier, Almaviva.
The hacker claims to have stolen 2.3 terabytes of knowledge and leaked it on a darkish net discussion board. In line with the risk actor’s description, the leak consists of confidential paperwork and delicate firm data.
Almaviva is a big Italian firm that operates globally, offering companies reminiscent of software program design and growth, system integration, IT consulting, and buyer relationship administration (CRM) merchandise.
Andrea Draghetti, Head of Cyber Menace Intelligence at D3Lab, says the leaked knowledge is latest, and consists of paperwork from the third quarter of 2025. The professional dominated out the chance that the recordsdata had been recycled from a Hive ransomware assault in 2022.
“The risk actor claims the fabric consists of inner shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting knowledge, and even full datasets from a number of FS Group firms,” Draghetti says.
“The construction of the dump, organized into compressed archives by division/firm, is totally per the modus operandi of ransomware teams and knowledge brokers energetic in 2024–2025,” the cybersecurity professional added.
Supply: Andrea Draghetti
Almaviva is a serious IT companies supplier with over 41,000 workers throughout nearly 80 branches in Italy and overseas, and an annual turnover of $1.4 billion final 12 months.
FS Italiane Group (FS) is a 100% state-owned railway operator and one of many largest industrial firms within the nation, with greater than $18 billion in annual income. It manages railway infrastructure, passenger and freight rail transport, and likewise bus companies and logistics chains.
Whereas BleepingComputer’s press requests to each Almaviva and FS went unanswered, the IT agency ultimately confirmed the breach through an announcement to native media.
“In latest weeks, the companies devoted to security monitoring recognized and subsequently remoted a cyberattack that affected our company techniques, ensuing within the theft of some knowledge,” Almaviva mentioned.
“Almaviva instantly activated security and counter-response procedures by way of its specialised staff for the sort of incident, making certain the safety and full operability of vital companies.”
The corporate additionally said that it has knowledgeable authorities within the nation, together with the police, the nationwide cybersecurity company, and the nation’s knowledge safety authority. An investigation into the incident is ongoing with assist and steering from authorities businesses.
Almaviva promised to transparently present updates as extra data emerges from the investigation.
At present, it’s unclear if passenger data is current within the knowledge leak or if the data breach is impacting different purchasers past FS.
BleepingComputer has contacted Almaviva with extra questions, however we’ve not acquired a response by publication time.
As MCP (Mannequin Context Protocol) turns into the usual for connecting LLMs to instruments and knowledge, security groups are transferring quick to maintain these new companies secure.
This free cheat sheet outlines 7 finest practices you can begin utilizing at present.
