Cyber Incident Victim: Università degli studi di Roma Tre

On or around February 7, 2020, the hacktivist collective LulzSec ITA conducted cyber intrusions targeting three Italian universities, including Roma Tre University in Rome, alongside institutions in Basilicata and Naples. The group publicly claimed responsibility for these attacks via a Twitter announcement on February 13, 2020, framing their actions as part of a sustained campaign against academic institutions spanning approximately nine years. LulzSec ITA characterized the breaches as intentional demonstrations of systemic cybersecurity weaknesses within universities, asserting they had targeted such organizations for decades without facing repercussions. Their public statement directly addressed students and faculty, emphasizing that universities house "the excellent minds of our future" and arguing that inadequate security practices in educational environments undermine societal trust in future leadership. The collective implied a pattern of prior unreported attacks on academic targets, though no specific historical incidents were detailed in their claim.

The attackers did not disclose technical specifics of the intrusion methods, compromised systems, or exfiltrated data at Roma Tre University or the other institutions. LulzSec ITA's messaging focused exclusively on ideological justification rather than operational details, asserting that their goal was to provoke institutional improvements in cybersecurity hygiene. No quantifiable impacts—such as data leaks, system downtime, or financial losses—were explicitly cited in the group’s declaration or contemporaneous reporting. Similarly, the article did not document containment measures, forensic investigations, or remediation efforts undertaken by the affected universities. The incident’s primary observable consequence was the public assertion of unauthorized access, leveraged by the threat actors to amplify their critique of cybersecurity preparedness in Italy’s higher education sector.