Italian certification authority InfoCert reports third party data breach

InfoCert, a European certification authority and digital identity service provider based in Italy, is reporting a data breach affecting its customer base. InfoCert manages approximately 1.8 million active SPID (Public Digital Identity System) identities and is one of 12 accredited providers in a system that serves 39 million active SPID users. The company is part of the Tinexta Group and specializes in IT security, digital signatures, and digital identity services.

The breach occurred through the systems of a third-party supplier that maintained customer registrations. InfoCert has emphasized that their own systems were not directly compromised, and no service access credentials or passwords were exposed.

The incident has resulted in the unauthorized access and theft of personal information belonging to 5.5 million customers. The exposed data includes:

• Full names
• Tax codes
• Phone numbers
• Email addresses

The stolen data has reportedly been advertised on a dark web forum, with the complete database being offered for sale, though the asking price was not disclosed in the public notification.

InfoCert has stated they are conducting an investigation and will report the incident to relevant authorities.