Date: Mar 2025

Location: Italy

Summary

Azienda Trasporti e Mobilità di Ancona e Provincia reported that its service provider MyCicero S.r.l. experienced a cyber attack on its servers, leading to a breach of personal data collected through the Atma app. The exposed information includes users’ names, surnames, email addresses, telephone numbers and any mobility tickets purchased, while login credentials, passwords and payment details were not compromised. Following the breach, MyCicero disabled the affected systems to conduct investigations and remediation, which caused temporary disruptions and possible slowdowns in the app. The provider has since blocked the compromised infrastructure, initiated forensic analysis, strengthened security measures and access policies, and set up a dedicated support channel for affected users.

Description

On March 30, 2025, ATMA Soc. Cons. per Azioni received notification from its service provider MyCicero S.r.l. that an unidentified external actor had carried out a cyber attack against MyCicero’s servers, resulting in a breach of personal data processed through the Atma mobile application. The provider disclosed that the intrusion was detected on its infrastructure and that, as a precautionary measure, the affected systems were taken offline to allow for verification and remediation activities. This temporary suspension led to observable performance issues, including possible malfunctions and slowdowns of the Atma app reported by users in the days preceding the announcement.

According to the information shared by MyCicero, the data potentially exposed in the incident include users’ first and last names, email addresses, telephone numbers, and any mobility titles that had been purchased through the app. The provider explicitly stated that authentication credentials, passwords, payment card details, and other financial information were not compromised. The exposure of the identified data elements raises the risk that they could be used for unsolicited commercial communications, phishing attempts, suspicious telephone calls or SMS messages, and attempts to obtain additional personal information through fraudulent means.

In response to the breach, MyCicero reported that it had immediately isolated the compromised systems, initiated forensic analysis and remediation of its infrastructure, and reinforced its security controls and access policies to prevent further unauthorized access. Additionally, the provider activated a dedicated assistance channel for affected users to address inquiries and provide support. The assistance channel was intended to facilitate direct communication between the provider and users regarding the breach and any related concerns. ATMA made available contact points for both MyCicero ([email protected] and [email protected]) and its own data protection officer ([email protected]) for users seeking further information about the incident.
