Cyber Incident Victim: Italian Government

Date: Nov 2017

Location: Italy

Summary

Activist group Anonymous hacked email accounts of Italian government employees, extracting and publishing documents including security details for an official visit, operational radio frequencies, demonstration orders, personal documents, and military salary details. Police initiated an investigation upon discovering the breach, with authorities confirming compromised personal mailboxes but asserting no compromise of institutional systems or classified data, attributing the leaked materials to private accounts rather than official channels.


Description

On November 11, 2017, Italian authorities detected a cyber intrusion targeting government employees' email accounts, attributed to the activist group Anonymous. The group published stolen documents on its Italian blog, including a screenshot of an email from a government address detailing security arrangements for Prime Minister Paolo Gentiloni's upcoming site inspection. This email contained names of security personnel assigned to the visit. Anonymous also leaked a letter specifying radio frequencies for Gentiloni's Brussels trip, operational orders to Rome police regarding protest management, military salary details, personal payslips, and copies of identification documents. The specialized police cyber unit initiated an investigation on the same day as the breach and data publication. By November 14, authorities confirmed the compromised accounts belonged to one Defense Ministry employee and one police officer, with no evidence of broader infiltration into institutional systems beyond these individual mailboxes.

Technical analysis determined that attackers exclusively accessed personal inboxes rather than classified or official government systems. The Defense Ministry emphasized no systemic vulnerabilities or "holes" in its infrastructure enabled the breach, clarifying that all published materials originated from private employee accounts. No classified information or state secrets were exfiltrated. Law enforcement described the investigation as ongoing but initially limited to the two confirmed compromised accounts. The incident exposed operational protocols like security details and protest response plans, alongside sensitive personal data of government personnel, though institutional systems remained unaffected according to forensic examinations. Authorities maintained public assurances regarding the containment of the breach throughout their response.
