Cyber Incident Victim: Job-seeking portals
Date:
Apr 2016
Location:
Italy
Summary
Hacktivist groups Anonymous Italy and LulzSec Italy breached multiple job-seeking portals under operation #NessunDorma, leaking approximately 1.8 million user records, half a million job-seeker evaluations, and thousands of company contacts. The attack, motivated by demands for improved labor conditions including a minimum wage and mandatory health insurance, targeted portals developed by a single web design firm, whose data was also compromised. The groups criticized government officials for policies favoring corporations over workers, aligning with prior disruptive actions against regional government sites.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 9, 2016, hacker collectives Anonymous Italy and LulzSec Italy publicly announced a coordinated cyber operation dubbed #NessunDorma ("Nobody Sleeps"), targeting multiple Italian job-seeking portals. The attack involved unauthorized access to employment websites followed by the exfiltration and public release of approximately 4 million records totaling 1.5 GB of data. The leaked information included 1.8 million user records, 500,000 job-seeker evaluations, and 7,000 corporate contact details from companies operating in Italy. Attackers published this data through six separate archives hosted on MEGA cloud storage, though the actual published data amounted to 300 MB when aggregated. Security researchers from Risk Based Security identified that all compromised portals shared a common infrastructure link, having been developed by Italian web design firm Engitel, whose own data also appeared in the breach. The groups framed this operation as a protest against labor conditions in Italy, specifically criticizing Minister of Labour Giuliano Poletti and Prime Minister Matteo Renzi for proposed legislation they claimed disproportionately favored corporations over workers. Their demands included establishing a minimum wage of €8 per hour and mandatory health insurance coverage for temporary contract workers.
The breach exposed sensitive personal information from both Italian employment agencies and foreign workers, though the exact distribution between these groups remained unspecified. No immediate containment measures or victim responses were documented in available reports, though Softpedia noted attempts to contact Engitel for verification of the intrusion vector. The incident represented an escalation in hacktivist activities targeting Italian institutions, following prior Anonymous operations including distributed denial-of-service (DDoS) attacks against regional government portals protesting the Trans Adriatic Pipeline project. Two weeks prior to the job portal breaches, Italian authorities had arrested a 16-year-old in Udine for participating in Anonymous' #OpSafePharma DDoS campaign, indicating heightened law enforcement attention toward such activities during this period. The operation's timing coincided with ongoing political debates about labor reforms, leveraging stolen data to amplify criticism of government policies affecting workers' rights.