Cyber Incident Victim: primodominio.it

Date: Feb 2016

Location: Italy

Summary

A cyberattack targeting the domain provider primodominio.it resulted in the compromise of over 150,000 user credentials and the exposure of 111 database tables containing registration data for more than 160 domains. The attackers, identifying as LulzSec Italia, claimed the intrusion was motivated by alleged payment disputes involving ENAIP Veneto employees, though subsequent commentary indicated potential misidentification of the victim's affiliation. Stolen data including usernames and passwords was publicly released via a file-sharing service. The incident highlighted risks of centralized credential storage and raised concerns about potential unauthorized access to employee accounts.

Description

On February 27, 2016, the Italian branch of the hacktivist group LulzSec publicly claimed responsibility for compromising the domain registration service primodominio.it. The group announced the breach through a blog post, stating they had exfiltrated data from 111 database tables containing credentials for over 150,000 users across more than 160 domains managed by the provider. LulzSec Italia attributed their actions to concerns about alleged unpaid wages for employees of ENAIP Veneto, a vocational training organization that utilized European Union funding. The attackers claimed they initially investigated ENAIP Veneto's financial operations but shifted focus to its domain provider primodominio.it after identifying systemic vulnerabilities. They published the stolen credentials via a Mega.nz file-sharing link alongside their manifesto, encouraging public access to the data while sarcastically warning against excessive "do-goodism."

The breach exposed sensitive authentication information including usernames and passwords, with LulzSec Italia explicitly noting the possibility that employee credentials were among the compromised data. Public commentary on the announcement included criticism regarding the attackers' potential misidentification of the domain provider's corporate affiliation, as one respondent asserted primodominio.it was operated by ENAIP Piemonte rather than ENAIP Veneto. Additional reactions questioned the attackers' technical competence and grammatical errors while advising removal of the data dump link. LulzSec Italia referenced multiple Italian news articles documenting ENAIP Veneto's labor disputes dating back to 2014, including strikes over delayed salary payments affecting hundreds of staff members. No statements from primodominio.it, ENAIP, or law enforcement regarding containment measures, forensic investigations, or post-incident remediation were included in the available disclosure.
