Cyber Incident Victim: Associazione Bancaria Italiana
Date:
Apr 2022
Location:
Italy
Summary
The Italian Banking Association experienced a cybersecurity breach involving encrypted sensitive data that later appeared on the dark web. The incident, attributed to the Vice Society ransomware group, compromised corporate credit cards, personnel documents, health certificates, and facility access badges. While the association reported no ransom demand, the attackers claimed otherwise. The organization notified law enforcement, implemented protective measures for affected personnel data, and reinforced infrastructure security following prior cyberattacks targeting its systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early 2022, the Italian Banking Association (ABI) experienced a series of cyberattacks beginning in February, as previously disclosed by the Italian Postal Police. The attacks culminated in a confirmed data breach involving the encryption and exfiltration of sensitive information. Though the exact intrusion timeline remains unspecified, ABI acknowledged the compromise occurred "in the past" relative to April 2022. By late April, stolen data surfaced on dark web platforms, exposing corporate credit cards and personnel records related to employee functions. These records reportedly included health certificates and facility access badges, indicating broad exposure of operational and employee data. ABI filed formal complaints with the Postal Police and relevant authorities upon discovering the dark web exposure.
The association implemented protective measures for its infrastructure and personnel data, though specific technical controls were not detailed. While ransomware group Vice Society claimed responsibility and implied ransom demands, ABI and investigating authorities found no evidence of extortion attempts. The incident reflected a pattern of cyber targeting against ABI, consistent with broader sector trends. Operational consequences included additional security hardening of systems and data, though business continuity impacts were unspecified. No further data dissemination or secondary incidents were reported following the containment actions and law enforcement engagement.