Cyber Incident Victim: Azienda Trasporti Verona
Date:
Mar 2025
Location:
Italy
Summary
Azienda Trasporti Verona notifiedusers of a data breach affecting its Ticket Bus Verona app and e‑commerce portal after its IT service provider, Mycicero srl, detected activity on its servers. The provider disabled the systems to investigate and remediate the intrusion, confirming that names, surnames, email addresses, phone numbers and any purchased mobility titles may have been accessed, while financial data, payment details and passwords remained uncompromised. Mycicero implemented technical and organizational measures, including system cleanup, enhanced access controls and monitoring, and set up an assistance channel for individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
ATV Verona received a notification from its IT services provider Mycicero srl that unidentified external actors had conducted malicious activity on the provider’s servers supporting the Ticket Bus Verona app and the ATV e‑commerce portal. Mycicero determined the nature and scope of the unauthorized access and, to allow verification and security actions, temporarily rendered the affected systems inaccessible, which may have caused users to experience malfunctions or slowdowns. Based on the provider’s analysis, the personal data potentially exposed included name, surname, e‑mail address, telephone number and, where applicable, mobility titles purchased through the services. The provider confirmed that access credentials, financial data, payment information and passwords were not compromised and that no credit‑card theft occurred.
Mycicero reported that the most probable consequence of the breach was an increased likelihood of receiving unsolicited spam messages or phishing e‑mails, and that individuals might also receive telephone calls or SMS messages using their known name and surname to promote goods or services or to request additional personal data. In response, the provider implemented immediate technical and organizational measures, including a temporary block of the impacted systems, analysis of the unauthorized accesses, remediation of the affected infrastructures and enhancement of overall system security. Ongoing efforts involve strengthening access policies, verifying credentials and improving monitoring for anomalous access patterns. Mycicero also activated a direct assistance channel to provide users with guidance on recognizing and avoiding phishing attempts or other forms of IT fraud.
ATV communicated the breach to affected individuals through a notice dated March 30 2025, detailing the incident, the data involved and the steps taken by the provider. The notice designated [email protected] as the point of contact for further information and emphasized that no financial data or passwords had been compromised. ATV stated that it would continue to monitor the effectiveness of the provider’s remedial actions to ensure they adequately mitigate any potential negative effects for customers.