Cyber Incident Victim: Dolomiti Bus

Between March 29 and March 30, 2025, the mobile ticketing app provider MY CICERO experienced a breach of personal data resulting from malicious activity carried out by unidentified external actors on the servers it uses to support Dolomiti Bus’s application. In response to the incident, the provider rendered the system inaccessible for a limited period to conduct verification and implement security actions, which may have caused users to observe malfunctions or slowdowns in the app during those days. Dolomiti Bus was informed of the breach by MY CICERO and subsequently communicated the details to its customers through an official notice published on its website.

On April 4, 2025, MY CICERO notified Dolomiti Bus that an unauthorized exfiltration of data to a remote cloud had occurred. The provider indicated that the potentially exposed information included personal data such as name, surname, gender, date of birth, place of birth, and tax code, as well as contact data comprising postal or email addresses and fixed or mobile telephone numbers. MY CICERO explicitly stated that credit card data were not involved because they are stored with external payment service provider systems. The provider also reported that it had adopted containment and mitigation measures and had introduced additional technical and organizational safeguards aimed at preventing similar incidents in the future.

Dolomiti Bus informed its users that it remains in continuous contact with MY CICERO to monitor the outcome of the investigations and to undertake any further initiatives necessary to mitigate possible effects arising from the breach. For any related support or information, users can reach Dolomiti Bus at the email address [email protected]. The company committed to providing useful updates as the situation evolves.