Cyber Incident Victim: Civita.S

OnMarch 30 2025 the municipal service Civita.S issued a notice informing users that its provider MyCicero S.r.l. had experienced a security incident affecting the Civita.S application. According to the notice, MyCicero reported that unidentified external actors had carried out a cyber‑attack on the provider’s servers, leading to a breach of personal data processed through the app. Upon learning of the attack, MyCicero immediately disabled the affected systems to prevent further unauthorized access and to conduct verification and security improvements. The temporary shutdown resulted in observable malfunctions and slowdowns of the Civita.S app during the days preceding the public announcement. The notice specified that the data potentially exposed in the breach included users’ first and last names, e‑mail addresses, telephone numbers, and any mobility titles that had been purchased through the application. It explicitly stated that login credentials, passwords, payment information, and credit‑card details were not compromised in the incident. No evidence was presented indicating that any other categories of personal data had been accessed or exfiltrated by the attackers.

In response to the breach, MyCicero blocked the compromised systems, initiated a thorough analysis and remediation of its infrastructure, and reinforced its security measures and access‑control policies. The provider also activated a dedicated assistance channel for users seeking information or support related to the incident. Civita.S provided contact e‑mail addresses for both MyCicero and its own support team, enabling users to direct inquiries to the appropriate parties. The notice was dated April 17 2025 and was published on the Civita.S website to ensure transparency with the affected user base.