
Cyber Incident Victim: Comune di Alcamo

Date: Mar 2022

Location: Italy

Summary

A cyberattack targeted the municipal IT systems of Alcamo, Sicily, compromising local servers and employee hard drives, with concerns raised about potential theft, copying, or encryption of sensitive citizen data. The incident prompted criticism over inadequate cybersecurity investments and backup protocols, as officials questioned whether pre-existing data recovery measures were in place and which departments were affected. A formal inquiry was demanded to assess the extent of data loss or exposure, identify compromised offices, and evaluate the municipality’s cybersecurity expenditure and procedures.

CIA Posture: Available to members
Motives: 4 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

A cyberattack targeted the municipal IT systems of Alcamo, Sicily, on the night between Sunday, March 7, and Monday, March 8, 2022. The incident prompted immediate concern from local officials, particularly Franco Orlando, a councilor from the Lega Sicilia party, who submitted a formal question to Mayor Surdi’s administration. Orlando publicly questioned whether citizens’ sensitive data had been obscured, copied, or stolen during the breach, emphasizing potential risks to both residents’ privacy and the municipality’s reputation. He highlighted the legal obligations under the EU’s General Data Protection Regulation (GDPR), which mandates robust cybersecurity measures for public administrations. The councilor criticized the administration not for suffering the attack itself but for allegedly failing to invest adequately in cybersecurity infrastructure over prior years, suggesting systemic underpreparedness.

Key unresolved issues centered on data recovery capabilities and operational continuity. Orlando demanded clarity on whether pre-attack backup systems existed to restore data lost or encrypted on local servers and employee hard drives, noting reports that contaminated hardware had scattered critical information across multiple devices. His question formally requested details on the exact scope of damages, specific offices or departments compromised, and whether personal or sensitive data had been altered, lost, or disseminated. Additional inquiries focused on backup frequency, the date of the last backup, current data security procedures, and the municipality’s annual cybersecurity budget. Orlando announced plans to formally petition the City Council President to establish a cross-party investigative commission, framing the incident as both a technical failure and a political accountability issue requiring transparent resolution. The attack’s aftermath revealed significant operational vulnerabilities and intensified scrutiny of the administration’s resource allocation for digital defenses.
