Cyber Incident Victim: FNM Autoservizi
Date: Mar 2025
Location: Italy
Summary
FNM Autoservizi reported that its service provider Mycicero S.r.l. detected unauthorized external activity on its systems, leading to a temporary shutdown for investigation and remediation. The provider stated that personal data such as names, surnames, email addresses, telephone numbers and any purchased mobility titles may have been accessed, while login credentials, financial transaction details, passwords and payment card information were not compromised. In response, Mycicero isolated the affected systems, performed forensic analysis, cleaned the infrastructure and strengthened access controls, monitoring and credential verification procedures. FNM Autoservizi is overseeing the effectiveness of these measures and has made a dedicated email address available for further inquiries.
Description
On March 30, 2025, FNM Autoservizi S.p.A. received notification from its IT services provider Mycicero S.r.l. about a security incident affecting the FNMAutoservizi app. Mycicero reported detecting malicious activity conducted by unidentified external actors on its servers. Upon detection, the provider initiated an investigation to determine the nature and scope of the event. To facilitate verification and security actions, the affected system was temporarily made inaccessible, which may have caused users to experience malfunctions or slowdowns in the app. The provider stated that the investigation was carried out with the utmost urgency.

Based on the information gathered by Mycicero, the personal data potentially exposed included name, surname, email address, telephone numbers, and any mobility titles that had been purchased. The provider confirmed that access credentials, financial transaction data related to the purchase of travel tickets and payment methods, and user passwords were not compromised. No exfiltration of credit card or payment card data was reported. Mycicero indicated that the most probable risk stemming from the breach was the receipt of unsolicited spam messages offering goods or services. Additionally, the exposed data could be used for phishing emails aimed at obtaining further personal information, or for phone calls and SMS in which the caller might know the recipient's name and surname to propose purchases or request additional personal details.

In response, Mycicero implemented immediate technical and organizational measures, including a temporary block of the affected systems and analysis of unauthorized accesses. The provider proceeded with remediation of the impacted infrastructure and increased the security of its systems. Ongoing activities include strengthening access policies, verifying credentials, and improving monitoring of anomalous access attempts. To assist affected users, Mycicero activated a direct support channel capable of providing guidance on recognizing and avoiding phishing attempts or other forms of computer fraud. FNM Autoservizi stated that it would monitor the provider's actions to ensure they are effective in mitigating any potential negative effects for customers. For further information, FNM Autoservizi designated the email address [email protected] as the point of contact.
