Cyber Incident Victim: Autolinee Romano
Date:
Mar 2025
Location:
Italy
Summary
Autolinee Romano notified users that a data breach occurred at its IT service provider after unidentified external actors accessed the company's servers. The provider reported that potentially exposed personal data included names, surnames, email addresses and telephone numbers, while login credentials, financial information, passwords, identification documents and payment card data were not compromised. To contain the incident the affected systems were temporarily taken offline, the provider blocked access, conducted forensic analysis, remediated the infrastructure and strengthened access policies and monitoring. It provided contact details for further information at [email protected] and the DPO at [email protected].
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 30, 2025, Autolinee Romano issued a communication informing users of the My Cicero app that a personal data breach had occurred involving its IT service provider. The provider notified the company several days earlier that unidentified external actors had carried out malicious activity on the company's servers, resulting in a breach of personal data. Upon receiving the notification, Autolinee Romano proceeded urgently to determine the nature and scope of the incident. To facilitate verification and security actions, the affected system was made inaccessible for a limited period, which may have caused users to experience malfunctions or slowdowns in the app during those days.
The company stated that, despite its security parameters, unauthorized third parties could have gained access to some personal data. According to the information gathered, the potentially exposed data include names and surnames and contact details such as email addresses and telephone numbers. Autolinee Romano specified that access credentials, financial data, payment information, passwords, and identity documents were not compromised, and that no credit card data were exfiltrated because such information is not hosted on its systems. The communication noted that the most likely consequence of the breach is the receipt of unsolicited spam messages offering unwanted goods or services, and that personal data might also be used for phishing emails or phone calls and SMS from individuals who could know the user's name and surname to propose purchases or request additional personal data.
In response, the service provider implemented immediate technical and organizational measures, including a temporary block of the involved systems and an analysis of the unauthorized accesses. The provider also carried out remediation of the impacted infrastructures and increased the security of its systems. Autolinee Romano reported that activities are underway to strengthen access policies, verify credentials, and improve monitoring of anomalous accesses. For further information, users can contact the company via email at [email protected] or reach the data protection officer at [email protected].