Cyber Incident Victim: SIAE

On or around October 20, 2021, the Società Italiana degli Autori ed Editori (SIAE), Italy’s government-mandated copyright protection agency, suffered a ransomware attack compromising servers containing sensitive member and employee data. The Everest ransomware gang claimed responsibility for the breach, exfiltrating national identity documents, driver’s license scans, and contractual agreements between SIAE and its members. As the sole royalties collector for Italian creators, SIAE’s platform held registrations for all domestic artists, musicians, authors, actors, and other copyright holders, including high-profile celebrities. Attackers targeted the agency for extortion purposes, encrypting systems and demanding payment to prevent data exposure. When SIAE did not pay the ransom, the Everest gang attempted to sell the stolen dataset for $500,000, advertising it as containing contracts and personal information of Italy’s creative professionals. SIAE formally notified Italy’s data protection authority, Garante per la Protezione dei Dati Personali (GPDP), of the server breach shortly after detection.

The GPDP announced an investigation into the incident on October 21, 2021, focusing on whether hackers successfully stole personal data of SIAE members and employees. The confirmed data exposure placed affected individuals at risk of identity theft, financial fraud, and social engineering attacks leveraging their compromised contracts and government-issued identification documents. Authorities advised SIAE members to monitor for unsolicited communications mimicking legitimate correspondence and report suspected scams to Italy’s cybercrime police unit. The Everest gang’s public sale of the data underscored the operational disruption to SIAE’s royalty management systems and the broad reputational impact across Italy’s creative industries. No evidence indicated SIAE negotiated with the threat actors or that paying the ransom would have prevented further misuse of the stolen records.