Cyber Incident Victim: Movimento 5 Stelle
Date:
Sep 2018
Location:
Italy
Summary
A hacker known as Rogue0 breached the Movimento 5 Stelle's Rousseau platform, exposing personal data including names, email addresses, and donation amounts of several contributors. The attacker published partial donor information online and suggested access to broader database contents, including recent tables related to candidate lists and training proposals, indicating potential compromise of current records. This incident followed prior security breaches involving the same threat actor, raising concerns about unresolved vulnerabilities despite previous regulatory fines and mandated security improvements. Italy's data protection authority initiated investigations to determine if the breach stemmed from previously identified weaknesses. Affected individuals confirmed the authenticity of leaked donation receipts, though some downplayed the impact. The intrusion occurred amid ongoing digital policy votes hosted on the platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 5, 2018, the hacker known as Rogue0 breached the Rousseau online platform used by Italy's Movimento 5 Stelle (M5S) political movement, marking their second intrusion after a 2017 attack. The attacker published two tweets containing excerpts from Rousseau's database, disclosing sensitive donor information including full names, email addresses, and exact donation amounts (ranging from tens of euros) for seven individuals. The leaked records pertained to transactions dated July 2018, confirming the compromised data's recency. One affected donor verified the breach's authenticity by matching the leaked information against their transaction receipt, while another expressed resignation about the incident but maintained continued platform usage. The attack coincided with scheduled digital voting on internet access and digital citizenship proposals through Rousseau.
Italy's Data Protection Authority (Garante per la privacy) immediately initiated investigations to determine whether the breach stemmed from unresolved vulnerabilities identified during the 2017 incident, for which platform operator Casaleggio Associati had received a €32,000 fine. The Garante had previously mandated comprehensive security improvements by September 30, 2018, raising questions about whether the current breach occurred despite these pending upgrades. Cybersecurity expert David Puente suggested Rogue0 likely accessed recent data tables including "rsu_academy_proponi_corso" and "rsu_candidati_2018," indicating potential exfiltration of the entire database. Legal experts highlighted that under forthcoming EU data protection regulations (effective in Italy from September 19), such breaches required mandatory notification to affected parties and authorities within 72 hours. The incident exposed ongoing security deficiencies in Rousseau's infrastructure despite prior regulatory sanctions and public assurances from M5S leadership about the platform's reliability.