Cyber Incident Victim: Gestopark s.r.l.
Date:
Mar 2025
Location:
Italy
Summary
Gestopark s.r.l., the operator managing the municipality’s paid parking service, suffered a cyber attack that temporarily disabled its payment application and may have led to the exfiltration of some users’ personal data, including names and contact details. The breach did not expose credit‑card information, vehicle license plates, parking locations or times, or any issued fines. The company said it immediately activated its security procedures and added further technical and organizational measures to strengthen its systems and prevent similar incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 29, 2025, the company Gestopark s.r.l., which manages the paid parking service on behalf of the Municipality of Sarzana, suffered a cyber attack. The attack resulted in the temporary unavailability of the application used for paying parking fees. Additionally, there was a possible exfiltration of some personal data of users, specifically anagraphic information and contact details. The breach did not involve credit card data, vehicle license plates, parking location or time details, or any fine-related information. Gestopark s.r.l. communicated that it immediately activated the predefined security procedures. In response, the company adopted additional technical and organizational measures aimed at strengthening its information systems. These steps were taken to prevent similar incidents from occurring in the future. The Municipality of Sarzana stated that it remains in constant contact with the provider to monitor the service and protect user data.
The municipality affirmed its commitment to adopt any useful initiative to guarantee the security and reliability of its digital communal services. It emphasized that ongoing monitoring and data protection efforts would continue. No further details about the attack vector or perpetrators were provided in the source.