Cyber Incident Victim: Comune di Mantova

On April 16, 2024, the Comune di Mantova experienced a cybersecurity incident affecting technological applications managed by Tea, a service provider. The attack prompted an immediate investigation by Tea’s internal and external specialist teams. Tea formally notified the municipality regarding developments in the investigation, confirming no permanent loss or deletion of personal data occurred and asserting all data remained under the company’s full control. A criminal group claimed responsibility for the breach, alleging data exfiltration—including personal information—and provided demonstrative samples as evidence of their claims. Despite this claim, investigators could not initially verify the scope, nature, or factual basis of the alleged confidentiality breach involving data processed on behalf of the Comune di Mantova. The compromise specifically impacted systems handling municipal data processed by Tea under its contractual obligations.

Tea committed to continuing forensic analysis to determine which categories of data, if any, were exfiltrated during the incident. This ongoing investigation aimed to enable the Comune di Mantova, as the data controller, to fulfill any mandatory regulatory notifications or compliance steps required under data protection laws. The municipality directed concerned citizens to contact Tea’s dedicated helpline (800 903693) or its Data Protection Officer, Rosario Imperiali D’Afflitto, for clarifications and guidance on best practices following such incidents. Tea published a detailed incident notice on its corporate website to inform users and address inquiries. No operational disruptions or irreversible data destruction affecting municipal services were reported in the initial assessment. The investigation remained active to establish conclusive findings regarding the attackers’ specific access and exfiltration activities.