Cyber Incident Victim: Azienda Trasporti Milanese
Date:
Mar 2025
Location:
Italy
Summary
Azienda Trasporti Milanese disclosed that its app service provider Mooney Servizi SpA experienced a cyber attack that compromised users’ personal data. The breach exposed anagraphic, contact and profile information of registered app users while banking details, payment cards, app credentials and home addresses remained unaffected. The attacker accessed an archive hosted by WIIT SpA that stores data for Mooney Servizi/MyCicero clients, copying the information to an unauthorized external cloud storage. In response, the transport company requested a detailed security report from Mooney Servizi, reinforced controls for third‑party access to its systems, and notified the Italian data protection authority and the national cybersecurity agency about the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the evening of Saturday 5 April 2025, Mooney Servizi SpA informed ATM of a cyber attack on its systems. Mooney Servizi manages the ATM application and is responsible for processing the personal data of its users. Upon detecting the intrusion, Mooney Servizi promptly isolated its systems to prevent further unauthorized access. ATM was notified of the incident and began coordinating its response.
The breach exposed personal data of registered users of the ATM app, including anagraphic information, contact details, and customer profile data. No banking information, credit or debit card numbers, application login credentials, or residential addresses were compromised. The primary consequence identified was a loss of confidentiality, with the possibility of unauthorized disclosure or use of the exposed data. ATM assessed that the breach did not involve financial transaction data or authentication secrets.
ATM requested an updated and detailed report from Mooney Servizi describing the security measures implemented after the attack. To limit further risk, ATM strengthened the security controls governing access to its systems by authorized third parties. The incident was reported to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) and the National Cybersecurity Agency (Agenzia per la cybersicurezza nazionale). Investigation revealed that the attackers targeted an archive hosted by WIIT SpA, which stores data for Mooney Servizi/MyCicero client companies, including the ATM app users. The data were copied via an unauthorized external cloud storage system.