Cyber Incident Victim: Zètema Progetto Cultura

On the morning of Monday, September 11, 2023, a significant cyber attack was launched against the digital infrastructure managed by Zètema Progetto Cultura for Roma Capitale. The attack rendered numerous official websites and their associated services completely inaccessible to the public from the early hours of the day. This incident represented another in a series of cyber attacks targeting high-profile Italian entities, following similar events affecting Acea, the Agenzia delle Entrate, Trenitalia, Ferrovie dello Stato, Atac, and the Campidoglio itself. The breadth of the attack immediately indicated a large-scale and coordinated effort against the city's cultural and tourist portals.

Zètema Progetto Cultura, the company responsible for managing these sites, swiftly initiated its technical response protocol. The organization engaged a primary firm specializing in cybersecurity to conduct initial verification and forensic analysis. These first technical assessments confirmed the initial suspicion that the widespread outage was not due to a simple technical failure but was indeed the result of a malicious cyber attack. The nature of this attack, while not specified in granular technical detail, was severe enough to compromise the availability of a wide array of web services simultaneously.

The scope of the impact was extensive, affecting the main corporate website of Zètema, www.zetema.it, alongside a critical suite of cultural and informational platforms. The inaccessible sites included the primary portal for the city's civic museums, www.museiincomuneroma.it, as well as the individual websites for each of the Musei Civici. The official site for the city's cultural heritage department, www.sovraintendenzaroma.it, was also knocked offline. Furthermore, the attack disrupted key services for tourists and residents, including the official tourism site www.turismoroma.it, the Roma Pass ticket and information system www.romapass.it, and the city's cultural event hub www.culture.roma.it. The comprehensive city information guide portal www.060608.it was similarly impacted.

The incident also crippled several other specialized services and platforms. The MIC Card membership program site, www.miccard.roma.it, became unreachable, affecting a system designed for frequent museum visitors. The youth information portal, www.informagiovaniroma.it, and the city's care service information site, www.romacura.roma.it, were taken offline, hindering access to important public service information. Additionally, several specific cultural and educational attractions were affected, including the interactive children's museum Technotown at www.technotown.it, the Casina di Raffaello children's cultural space at www.casinadiraffaello.it, and the Progetto ABC cultural initiative at www.progettoabc.it. The attack extended beyond public-facing websites to encompass connected mobile applications and backend services linked to these domains, indicating a deep compromise of the underlying hosting infrastructure.

In adherence to legal and regulatory obligations, Zètema Progetto Cultura promptly informed the Italian Data Protection Authority, l’Autorità Garante per la protezione dei dati personali, about the breach. This formal notification is a mandatory step under data protection laws, particularly when a security incident has the potential to compromise personal data. Concurrently, the company also began the process of informing other relevant competent authorities, though these specific agencies were not named in the public statement. This dual-track reporting highlights the serious nature of the incident and its potential implications for data privacy.

The primary operational focus for Zètema and its technical partners was the containment of the attack and the restoration of services. All necessary measures were activated to achieve this goal as quickly as possible. The response involved isolating affected systems to prevent further spread of the attack, investigating the method of intrusion, and working to cleanse systems and restore them from clean backups. The public statement emphasized the company's commitment to reinstating full functionality with minimal delay, though it did not provide a specific timeline for full recovery, acknowledging the complexity of securing and bringing back online such a large and interconnected digital ecosystem.

The immediate consequence of the attack was a severe disruption to the digital presence of Rome's cultural and tourism sectors. Citizens and tourists were unable to access vital information regarding museum hours, exhibitions, events, and ticket purchases through the official channels. The inability to reach the Roma Pass site directly impacted tourism, a key economic sector for the city, as visitors could not purchase or retrieve their passes online. The outage of the 060608 information portal removed a central source for cultural news and event bookings, while the takedown of the Informagiovani site limited access to resources for young people. The incident effectively severed a major communication and service delivery channel between the city's administration and the public, demonstrating a critical vulnerability in the digital infrastructure supporting Rome's cultural life. The attack on Zètema Progetto Cultura underscored a continuing trend of cyber threats targeting public and quasi-public institutions in Italy, disrupting essential services and eroding public trust in digital systems.