Italian IT Provider Almaviva reports cyberattack exposing 2.3TB of railway operator data
Learn More
Almaviva SpA, an Italian IT services provider with global operations and over 41,000 employees across 80 branches, reports a cyberattack on its corporate systems that resulted in the theft and subsequent leak of approximately 2.3 terabytes of data.
The breach primarily affected data belonging to its major client, FS Italiane Group, Italy's state-owned national railway operator. The hackers published the stolen data on a dark web forum, organized into compressed archives by department and company. According to cybersecurity experts who analyzed the leaked materials, the attack's structure is consistent with the modus operandi of ransomware groups.
The compromised data includes confidential information affecting multiple subsidiaries of the FS Group, including Trenitalia, Rete Ferroviaria Italiana, Mercitalia Intermodal, GrandiStazioni, FS Technology, and many other entities. Analysis by Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, confirmed that the leaked materials are recent, containing fiscal, administrative, and operational documents dated through the third quarter of 2025. This rules out the possibility that these files were recycled from a 2022 Hive ransomware attack that previously targeted the railway group. The exposed data includes:
- Full names, email addresses, phone numbers of employees
- Job titles, salaries, and employee identification numbers
- Payroll information and bank account details
- Contracts, accords, and agreements with government agencies including the General Guardia di Finanza, Ministry of Defense, General Command of the Carabinieri, and Ministry of Foreign Affairs
- Internal shares and multi-company repositories
- Technical documentation and progress reports
- HR archives and accounting data
- Web configurations and system access details
- Complete datasets from several FS Group companies
The number of affected individuals and the nature of the attack are not disclosed.
Almaviva notified relevant Italian authorities, including the Public Prosecutor's Office, the Postal Police, the National Agency for Cybersecurity (ACN), and the Italian Data Protection Authority (Garante della Privacy). The company has committed to collaborating with these agencies, partners, and other stakeholders in investigation and response activities.
It's not clear whether passenger information from FS Italiane's transportation services is included in the leaked data, or if the breach has impacted other major clients of Almaviva beyond the railway operator.
