Cyber Incident Victim: Polizia Locale di Roma Capitale
Date:
Apr 2025
Location:
Italy
Summary
A cyber attack disrupted cloud services supporting Rome's local police force, disabling tablets and mobile devices used for issuing traffic fines. This forced officers to manually write tickets using paper notebooks instead of digital systems. The incident also caused significant delays as operators later had to manually re-enter fine data into the system. While authorities indicate the cyber issue is resolved, full service restoration was pending final checks at the time of reporting. This attack follows a pattern of similar incidents affecting other public entities in Rome.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 16, 2025, reports emerged that the Polizia Locale di Roma Capitale was impacted by a cyber attack that began the preceding Wednesday. The attack targeted an external company responsible for managing the cloud storage service used by the police force. This disruption severed the connection necessary for real-time uploading of violation data to the central system. Consequently, tablets and mobile phones issued to officers malfunctioned, displaying a "mancato collegamento al server" (server connection failed) message. This rendered the devices unusable for their primary function of issuing traffic fines electronically. By the evening of Friday, April 18th, the situation remained unresolved, and normal operations had not been restored. The immediate effect was the forced return to manual procedures; officers resorted to using traditional paper notepads ("blocchetti cartacei") to write out traffic tickets in the field. Gabriele Di Bella, the Ugl provincial secretary, confirmed this operational shift, attributing the continued ability to function on the street to officer experience and the practice of carrying paper backups. The impact extended beyond just the initial issuance of fines.
The manual workaround introduced significant secondary delays and inefficiencies. After tickets were written on paper, operators faced the task of subsequently entering the violation data into the system manually. This process of transcribing license plate numbers and other details from the physical notes caused noticeable slowdowns in the overall processing workflow. The incident occurred within a context of recurring cybersecurity issues affecting Rome's public administration entities. Preceding this attack, on March 24th, 2025, the waste management company AMA suffered a similar attack that blocked its IT systems. Furthermore, in September 2023, web portals managed by Zètema for Roma Capitale were also compromised. Even without external attacks, the city's technological infrastructure had experienced problems, including disruptions to municipal registry services culminating in a late March decision to migrate to a new database, and technical failures impacting the vote counting during the recent European elections. Authorities investigating the police system attack stated that the underlying cyber issue had already been resolved technically, but final verifications for full service restoration were still pending. They explicitly ruled out the need for migrations or structural changes akin to the registry service situation. Throughout the disruption, police officers continued their duties using paper notepads and pens, maintaining their presence and surveillance activities on the streets.