Italian cloud provider Westpole impacted by ransomware attack, failing public services
Take action: This is the third major incident of a cloud provider that fails operations and loses customer data in the year. Although practically difficult and expensive, such events are a reminder for companies to consider some level of diversification between providers or multi-cloud backups to be able to recover some data on another provider.
Learn More
On December 8, 2023, Westpole, an Italian cloud service provider catering to public administration, suffered a cyberattack impacting its client, PA Digitale, which delivers services to 1300 public entities including 540 municipalities through its platform Urbi. Following the attack, which is suspected to be a ransomware incident involving Lockbit 3.0, Westpole alerted privacy regulators and the Italian police.
The attack disrupted services provided by numerous public administrations and municipalities, many of which had to revert to manual operations. The Italian cybersecurity agency Agenzia per la Cybersicurezza Nazionale (ACN) is working on data recovery for affected organizations. There were concerns that the cyberattack might hinder the payment of December salaries for some government employees, but the ACN has since confirmed that over 700 public entities linked to PA Digitale's supply chain have had their data recovered.
Around 1000 other entities still await data recovery for the three days prior to the attack. The ACN reassured that the recovery efforts would prevent any disruption in salary payments for local administration employees.
The total damage from the ransomware attack remains unclear. So far Westpole has restored only half of its systems, indicating a challenging recovery process ahead. There's uncertainty regarding Westpole's capability to fully restore all impacted systems, and concerns remain over the potential impact on public administrations' ability to deliver services and meet obligations to employees.
Despite initial claims by Westpole that no data was exfiltrated, the involvement of Lockbit 3.0 in the attack raises doubts about data security. This incident marks a significant cyberattack on the Italian public administration, underscoring the ongoing threats in the cybersecurity landscape.
This is a third major incident of a cloud provider this year, with ransomware previously hitting Ongoing Operations and over 60 credit unions as their customers as well as CloudNordic, whose servers were completely wiped and data lost.
