Cyber Incident Victim: InfoCert
Date:
Dec 2024
Location:
Italy
Summary
InfoCert experienced a cybersecurity incident involving unauthorized access to a third-party provider's customer support ticketing system, resulting in the exfiltration of personal data submitted during assistance requests, including identifiers, contact information, fiscal details, and client codes. The company confirmed its core trust services—SPID, digital signatures, and certified email—remained uncompromised and fully operational throughout the event. Investigations revealed the breach originated from the external supplier's infrastructure, with potential risks to affected individuals including identity theft, phishing attempts, unsolicited communications, or fraudulent activities. The company initiated immediate response measures, engaged relevant authorities, and maintained ongoing monitoring to mitigate impacts while continuing to analyze the attack's methodology.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The InfoCert cybersecurity incident began with unauthorized access to systems managed by an external provider responsible for the company's customer care ticketing platform. InfoCert first detected evidence of this breach on December 27, 2024, through routine monitoring activities, discovering that attackers had exfiltrated personal data from the third-party provider's infrastructure. Initial communications dated December 28, 2024, confirmed the compromise did not affect InfoCert's core systems for SPID (public digital identity system), qualified electronic signatures, or certified email services (PEC). The company immediately initiated investigations and notified relevant authorities while emphasizing that no service credentials or authentication passwords had been compromised in the attack. By December 30, 2024, InfoCert clarified the breach exclusively impacted customer support ticket data processed through the external vendor's platform, maintaining that their primary trust services remained fully operational and secure throughout the incident.
Analysis revealed the attackers potentially accessed personal information typically provided during customer support interactions, including identification details, contact information, tax data, and client codes. InfoCert warned affected individuals about possible identity theft attempts, phishing campaigns, fraudulent communications, or scam calls resulting from this data exposure. The company collaborated with the compromised vendor to implement containment measures and conducted ongoing forensic examinations to determine the exact attack methodology. While critical digital identity and signature services were never breached, InfoCert advised customers to proactively change passwords as a precaution and remain vigilant against unsolicited requests for authentication credentials. Updates published through January 7, 2025, confirmed continued investigations and reinforced security assurances for core trust services, with all incident-related communications centralized on a dedicated webpage for transparency.