Cyber Incident Victim: Ministero dell'Istruzione
Date:
Mar 2018
Location:
Italy
Summary
A cyberattack attributed to Anonymous compromised approximately 26,000 email addresses and associated passwords belonging to teachers and administrative staff affiliated with the Italian Ministry of Education, alongside private email addresses linked to educational institutions. The breach reportedly originated from multiple school websites, coordination forums, and university systems, exposing credentials for platforms including WordPress and potentially sensitive tax-related donation data. The attackers publicly criticized the Ministry's education policies, particularly condemning a school-work program they alleged exploited students as free labor. Exposed credentials raised concerns about potential identity theft cascades, unauthorized access to school administrative systems, and manipulation of student records, though no direct evidence of such exploitation was confirmed in the disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around March 8, 2018, the hacker group Anonymous breached multiple Italian educational platforms, exfiltrating and publicly releasing approximately 26,000 email addresses belonging to teachers, administrators, and school staff. The compromised data included credentials (usernames and passwords), telephone numbers, and access details for at least three WordPress-managed websites. Attackers targeted school coordination forums, individual institutional websites, and databases containing sensitive information, with specific impact on schools in Emilia Romagna and universities including Bocconi, Luiss, Roma3, University of Calabria, and Modena Reggio Emilia. Anonymous claimed responsibility through a public statement criticizing Italy's School-Work alternation program, accusing Education Minister Valeria Fedeli and parliamentarians of exploiting students as "young and free labor." The group threatened further action against government officials while asserting superior effectiveness compared to their targets.
The breach encompassed 52 distinct databases containing 6,048 emails from individual schools, 63 from coordinators, 355 from the Indire forum, 42 from Xforum, 148 from school managers, 155 from referents, 6,808 from teachers, and approximately 13,000 private addresses connected to educational personnel. A particularly sensitive database containing tax-deductible donation records (5xmille) to universities was compromised, potentially exposing donor financial profiles including tax and earnings data. This created significant identity theft risks, as attackers could leverage email access to pivot toward social media, banking, and public administration accounts using social engineering techniques. Additional concerns included potential manipulation of student evaluations through compromised online gradebooks and mailbombing attacks against exposed accounts. The public advisory recommended immediate credential changes and implementation of two-factor authentication, though no official institutional response from the Ministry of Education was documented in the source material.