A breach at IT provider Almaviva exposed 2.3TB of FS Italiane Group’s data, later leaked on a dark web forum.
FS Italiane Group Hit by Massive Data Breach
Confidential and recent data, up to two months old, from the Ferrovie dello Stato Group . This data also includes part of the approximately 2.3 terabytes of data copied from the provider Almaviva following a cyber attack and published on a TOR network forum, but without creating any problems for the operation of critical services.
Almaviva immediately activated security and countermeasures through its specialized team, and ” the functionality and services of the affected systems,” the company communicated to Cybersecurity Italia, “remained regularly active, thanks to the business continuity measures and procedures specifically designed for this type of scenario.”
Specifically, this is business data of all kinds.
The threat actor claims, as first reported by Andrea Draghetti, a cyber threat intelligence expert, that the material includes internal shares, multi-company repositories, technical documentation, contracts with public bodies, HR archives, accounting data, and even complete datasets from several FS Group companies.
The competent authorities—the Public Prosecutor’s Office, the Postal Police, the National Agency for Cybersecurity, and the Italian Data Protection Authority—will shed light on the data leak.
Almaviva’s position: ” Critical services are fully operational.”
In recent weeks, our security monitoring services identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of certain data.
Almaviva immediately activated security and response procedures through its specialized team for this type of incident, ensuring the protection and full operation of critical services.
At the same time, the relevant authorities—the Public Prosecutor’s Office, the Postal Police, the National Agency for Cybersecurity, and the Italian Data Protection Authority—were informed, and we are working closely with them, our partners, and other relevant entities to ensure maximum coordination in monitoring, investigation, and response activities.
Prince said the model relies on a “feature” configuration file to make a prediction on whether a bot request was automated or not. The feature file is refreshed every few minutes, and a change in the underlying mechanism generating that file caused a change in its size that triggered the error. “As a result, HTTP 5xx error codes were returned by the core proxy system that handles traffic processing for our customers, for any traffic that depended on the bots module,” Prince wrote.
The functionality and services of the affected systems remained fully operational, thanks to the business continuity measures and procedures specifically designed for this type of scenario.
Data security and the protection of our customers, partners, and collaborators remain our top priority, and we will promptly communicate any relevant developments, while maintaining the confidentiality of ongoing investigations, in accordance with the principles of responsibility and transparency.
