Cyber Incident Victim: Comune di Vico Equense
Date: Apr 2022
Location: Italy
Summary
The Comune di Vico Equense suffered a ransomware attack aimed at extortion, resulting in a data breach and temporary server shutdown that disrupted services, though essential operations were restored within 48 hours. Attackers exfiltrated and published limited administrative data—including demographic, financial, personnel, and internal procedural documents containing personal information—on the dark web, though much of this data was already publicly accessible via official channels. The municipality engaged internal and external specialists to restore systems, notified Italy’s Privacy Guarantor and the Postal Police, and emphasized that accessing the stolen data constitutes illegal activity. Investigations continue to determine the full scope of compromised information and identify the perpetrators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 27, 2022, the Comune di Vico Equense experienced a cyberattack characterized as an extortion attempt involving ransomware, which triggered a data breach despite existing security measures. The attack caused a temporary blockage of municipal servers, resulting in service delivery delays across essential functions. Upon identifying the nature of the malfunctions, the municipality’s IT sector coordinated with a specialized external support partner to execute system restoration and secure reboot procedures, successfully recovering nearly all critical data targeted in the attack. Recovery of essential services was achieved within 48 hours. Concurrently, forensic analysis revealed that hackers had exfiltrated and published a limited volume of data on the dark web, a segment of the internet frequently exploited for illicit activities. The compromised data primarily resided in shared folders accessible across municipal departments, including Demographics/Registry, Finance, Social Policies, Contracts, Personnel, and the Secretary’s Staff.

The published data consisted largely of administrative and operational documents—such as procedures, meeting minutes, internal regulations, and directives—some containing personal information. The municipality clarified that many exposed documents were already publicly accessible through its "Amministrazione Trasparente" (Transparency Administration) portal or via other lawful disclosures. In compliance with legal obligations, the Comune notified Italy’s Data Protection Authority (Garante della Privacy) of the breach and maintained ongoing communication to monitor the incident’s implications. A criminal report was filed with the Postal Police, and specialized technicians were engaged to assess the precise scope and categories of compromised data. The municipality emphasized that accessing or using the data published on the dark web constitutes a criminal offense and noted such information would only be accessible to technically skilled actors. No extortion demands were legally or ethically accommodated. Service disruptions prompted a public apology, with acknowledgments extended to employees for their professionalism, citizens for their patience, and law enforcement for rapid assistance during the crisis. Internal and external cybersecurity resources were reallocated to reinforce system safeguards against future incidents.
