Cyber Incident Victim: EasyCoop
Date:
Apr 2022
Location:
Italy
Summary
A cyberattack targeting a supplier of the e-commerce platform EasyCoop resulted in the theft of customer personal data, including names, phone numbers, addresses, email addresses, and client codes. The compromised supplier provided customer service for the platform but did not store payment information or passwords, which were managed through separate encrypted channels and remained secure. The incident, attributed to a supply chain compromise involving a virus designed to copy and extract data, was promptly reported to affected customers via email and notified to the relevant data protection authority. While the exact attack method remains unconfirmed, hypotheses include SQL injection or ransomware targeting database backups. The breach exposes customers to heightened phishing and social engineering risks leveraging the stolen contact details.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 13, 2022, a cybersecurity incident impacted EasyCoop, an e-commerce grocery service operated by Digitail Srl (a subsidiary of Coop Alleanza 3.0) and available in parts of Emilia-Romagna, Veneto, and Rome. The attack targeted a third-party supplier providing customer service support to Digitail, compromising personal data of registered EasyCoop customers. According to Digitail’s official communications, the breach involved customer names, telephone numbers, physical addresses, email addresses, and customer codes. The company confirmed that payment data and account passwords were not compromised, as payment information was managed exclusively by encrypted interbank payment channels and never stored by the affected supplier. Digitail promptly notified impacted customers via email, providing dedicated contact channels for further information, and reported the incident to Italy’s Data Protection Authority (Garante per la protezione dei dati personali) in compliance with privacy regulations.
The exact attack vector remained unconfirmed, though investigative hypotheses centered on two possibilities: an SQL injection exploiting vulnerabilities in the web application’s interface or a ransomware attack exfiltrating database backups. Evidence suggested the latter, as Digitail identified the breach’s origin as a "virus designed to copy and extract data" infiltrating the supplier’s systems—a supply chain compromise enabling unauthorized access to EasyCoop’s customer database. While no ransomware group claimed responsibility, the data theft exposed customers to heightened phishing and social engineering risks, particularly via fraudulent calls or emails impersonating EasyCoop to harvest additional credentials. Digitail emphasized that legitimate communications would never request passwords or direct users to external links for login details. The company maintained that core e-commerce operations remained secure, though the irreversible exposure of personal data necessitated customer vigilance against identity-based threats stemming from the breach.