Cyber Incident Victim: Engitel
Date:
Apr 2016
Location:
Italy
Summary
A hacktivist operation dubbed NessunDorma targeted Italian job-seeking portals and associated entities, compromising sensitive data to protest labor conditions and corporate-favoring legislation. The attackers, affiliated with Anonymous and LulzSec Italy, leaked approximately 1.8 million user records, half a million job-seeker evaluations, and thousands of corporate contacts, asserting demands for higher minimum wages and mandatory health insurance. The breach exposed vulnerabilities in websites developed by a common design agency, Engitel, whose own data was included in the 300MB dump hosted on MEGA. This incident followed prior disruptive activities by the groups, including distributed denial-of-service attacks against government portals linked to contentious infrastructure projects.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 9, 2016, hacker collectives Anonymous Italy and LulzSec Italy initiated Operation #NessunDorma ("Nobody Sleeps") by breaching multiple Italian job-seeking portals and leaking stolen data. The groups announced the operation publicly, framing it as a protest against labor policies under Prime Minister Matteo Renzi and Labor Minister Giuliano Poletti. They specifically opposed proposed legislation they claimed favored corporations over workers, demanding nationwide implementation of an €8/hour minimum wage and mandatory health insurance for temporary contract workers. The attackers exfiltrated approximately 4 million records totaling 1.5 GB, including 1.8 million user profiles, 500,000 job-seeker evaluations, and 7,000 corporate contact details from employment agencies and companies operating in Italy. They published the data in six compressed archives hosted on MEGA, though the combined files amounted to only 300 MB of actual data. Security researchers from Risk Based Security identified that all compromised websites shared a common origin, having been developed by Italian web design firm Engitel. The leaked dataset included information from Engitel's own systems, suggesting the attackers may have compromised the agency's infrastructure to access client sites. Softpedia attempted to contact Engitel for verification but received no immediate response.
This incident followed prior cyber campaigns by Anonymous Italy targeting Italian infrastructure. In preceding weeks, the group had conducted distributed denial-of-service (DDoS) attacks against regional government web portals to protest Italy's participation in the Trans Adriatic Pipeline energy project. Two weeks before #NessunDorma, Italian authorities arrested a 16-year-old from Udine for involvement in Anonymous' #OpSafePharma DDoS campaign. The job portal breaches represented an escalation from temporary service disruptions to sustained data theft and exposure. While the attackers framed the operation as exposing corporate exploitation, the leak exposed sensitive personal information of job seekers alongside corporate data. The discrepancy between claimed data volume (1.5 GB) and actual published content (300 MB) left unresolved questions about unreleased datasets or possible exaggeration of impact. No remediation efforts by affected companies or law enforcement responses specific to this breach were detailed in available reporting at the time of disclosure.