Multiple transit companies in Italy affected through the breach of MyCicero platform
Learn More
A cyberattack that targeted third party services MyCicero and MooneyGo platforms has compromised the personal data of thousands of users across multiple cities throughout Italy. MyCicero and MooneyGo platforms serve as digital payment systems for parking fees, public transport tickets and taxi services.
The incident, occurred between March 29-30, 2025 impacted multiple operators including ATM Milano, TUA Abruzzo, UnicoCampania, Busitalia Veneto, ATV Verona, ASPO Olbia, and other regional transport companies that rely on the MyCicero and MooneyGo platforms.
The attack was discovered on April 1, 2025 and forensic analysis confirmed data theft from databases located at WIIT SpA's data center facilities. The compromised infrastructure was managed by Pluservice S.r.l., which operates as a sub-contractor for Mooney Servizi SpA (formerly MyCicero S.r.l.).
Compromised data includes:
- Names and surnames of registered users
- Email addresses
- Telephone numbers
- Customer profile data and user account information
- Details of purchased mobility tickets and transportation passes
- In some cases, geolocation data related to travel patterns
The number of affected individuals and the nature of the attack is not disclosed. The attack involved at least three different companies: Mooney Servizi as the primary data processor, Pluservice S.r.l. as the platform developer and manager, and WIIT SpA as the cloud infrastructure provider. This supply chain created multiple potential points of failure and complicated both the initial security posture and the subsequent incident response coordination.
WIIT SpA, the cloud services provider, issued a detailed clarification statement emphasizing that their cloud infrastructure was not directly compromised. According to WIIT, their monitoring systems detected anomalous behavior within the hosted infrastructure and immediately recommended that Pluservice isolate and suspend the MyCicero service.
