Data from Italy’s nationwide railway operator, the FS Italiane Group, has been uncovered after a menace actor breached the group’s IT providers supplier, Almaviva.
The hacker claims to have stolen 2.3 terabytes of information and leaked it on a darkish internet discussion board. In keeping with the menace actor’s description, the leak contains confidential paperwork and delicate firm info.
Almaviva is a big Italian firm that operates globally, offering providers comparable to software program design and growth, system integration, IT consulting, and buyer relationship administration (CRM) merchandise.
Andrea Draghetti, Head of Cyber Menace Intelligence at D3Lab, says the leaked knowledge is current, and contains paperwork from the third quarter of 2025. The skilled dominated out the chance that the information have been recycled from a Hive ransomware assault in 2022.
“The menace actor claims the fabric contains inner shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting knowledge, and even full datasets from a number of FS Group corporations,” Draghetti says.
“The construction of the dump, organized into compressed archives by division/firm, is absolutely according to the modus operandi of ransomware teams and knowledge brokers lively in 2024–2025,” the cybersecurity skilled added.
Supply: Andrea Draghetti
Almaviva is a serious IT providers supplier with over 41,000 staff throughout virtually 80 branches in Italy and overseas, and an annual turnover of $1.4 billion final yr.
FS Italiane Group (FS) is a 100% state-owned railway operator and one of many largest industrial corporations within the nation, with greater than $18 billion in annual income. It manages railway infrastructure, passenger and freight rail transport, and in addition bus providers and logistics chains.
Whereas BleepingComputer’s press requests to each Almaviva and FS went unanswered, the IT agency finally confirmed the breach by way of a press release to native media.
“In current weeks, the providers devoted to security monitoring recognized and subsequently remoted a cyberattack that affected our company methods, ensuing within the theft of some knowledge,” Almaviva mentioned.
“Almaviva instantly activated security and counter-response procedures via its specialised workforce for this kind of incident, making certain the safety and full operability of essential providers.”
The corporate additionally acknowledged that it has knowledgeable authorities within the nation, together with the police, the nationwide cybersecurity company, and the nation’s knowledge safety authority. An investigation into the incident is ongoing with assist and steerage from authorities businesses.
Almaviva promised to transparently present updates as extra info emerges from the investigation.
At the moment, it’s unclear if passenger info is current within the knowledge leak or if the data breach is impacting different shoppers past FS.
BleepingComputer has contacted Almaviva with extra questions, however we’ve got not acquired a response by publication time.
As MCP (Mannequin Context Protocol) turns into the usual for connecting LLMs to instruments and knowledge, security groups are transferring quick to maintain these new providers secure.
This free cheat sheet outlines 7 greatest practices you can begin utilizing right now.
