Cyber Incident Victim: Conerobus S.P.A.
Date:
Mar 2025
Location:
Italy
Summary
MyCicero experienced a cyber attack on its servers that resulted in a personal data breach affecting users of the ATMA App. The compromised data included names, surnames, email addresses, phone numbers and any mobility tickets purchased through the app, while passwords, payment information and credit card details remained secure. As a precaution, the affected systems were temporarily shut down for investigation and remediation, and security controls were strengthened. MyCicero also contacted the relevant data protection officers and provided assistance channels for impacted users.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On 30 March 2025 the mobility app operator ATMA Soc. Cons. per Azioni was notified by its service provider MyCicero S.r.l. of a security incident affecting the personal data processed through the App Atma. MyCicero reported that unidentified external actors had carried out a cyber attack on its servers, resulting in a breach of user information. As a precautionary measure the compromised systems were temporarily shut down to allow for forensic analysis and security improvements, which led to occasional malfunctions or slowdowns in the App Atma during the following days. The data that may have been exposed include users’ first and last names, email addresses, telephone numbers and any mobility titles they had purchased through the app. According to the notice, login credentials, passwords, payment details and credit‑card information were not compromised in the incident.
In response to the breach MyCicero immediately blocked the affected infrastructure, launched an investigation and remediation effort, and reinforced its security controls and access policies. A dedicated assistance channel was activated for users seeking clarification or support regarding the incident. ATMA made its own data protection officer available at [email protected] and directed users to contact MyCicero’s privacy team at [email protected] or [email protected] for further information. The notice was issued from Ancona on 10 April 2025, indicating that the communication to users followed the discovery and initial containment steps.
The communication warned that the exposed personal data could potentially be used for unsolicited commercial messages, phishing emails, suspicious telephone calls or SMS, and fraudulent attempts to obtain additional personal information. No evidence of actual misuse was presented in the notice, and the described possible consequences were limited to those outlined by the provider. The narrative presented reflects only the facts disclosed in the source material, without speculation, opinion or recommendation.