Cyber Incident Victim: Società Unica Abruzzese di Trasporto

Date: Mar 2025

Location: Italy

Summary

Società Unica Abruzzese di Trasporto (TUA SpA) notified users that its service provider MyCicero S.r.l., which operates the Tuabruzzo app, suffered a breach caused by unidentified external actors who accessed the provider’s servers. The breach potentially exposed names, surnames, email addresses, phone numbers and any mobility titles held by users. The provider confirmed that login credentials, financial data, payment information and passwords were not compromised and that no credit‑card data were stolen because such information is not stored on its systems. In response, the provider immediately blocked the affected systems, conducted access analysis, remediated the infrastructure, strengthened access policies, credential verification and monitoring, and activated a direct assistance channel to help users recognize and avoid phishing or fraud attempts.

Description

On March 30, 2025, TUA SpA published a notice informing users that its service provider MyCicero S.r.l. had reported a personal data breach affecting the Tuabruzzo app. MyCicero stated that the breach resulted from malicious activity carried out by unidentified external actors on its servers. Upon being informed, TUA and MyCicero made the affected system temporarily inaccessible to allow verification and security actions. This temporary block could have caused users to experience malfunctions or slowdowns in the app during those days.

According to the notice, the data that may have been exposed include name, surname, e‑mail address, telephone number and, if purchased, any mobility titles. The notice explicitly states that access credentials, financial data, payment information and passwords were not compromised, and that no credit‑card data were stolen because such data are not hosted on TUA’s systems. It further explains that the most likely consequence of the breach is the receipt of unsolicited spam messages offering goods or services, and that the exposed data could also be used for phishing e‑mails, phone calls or SMS attempting to obtain additional personal information.

To address the incident, MyCicero implemented immediate technical and organizational measures, including a temporary block of the involved systems, analysis of unauthorized accesses, remediation of the impacted infrastructures and an increase in security controls. Ongoing work includes strengthening access policies, verifying credentials and improving monitoring of anomalous accesses. TUA also activated a direct assistance channel that users can contact at [email protected] for guidance on recognizing and avoiding phishing or other fraud attempts, and the data protection officers of TUA and MyCicero can be reached at the e‑mail addresses indicated in the notice.
