Cyber Incident Victim: Università di Pisa

On June 11, 2022, the Università di Pisa suffered a ransomware attack attributed to the ALPHV/BlackCat cybercrime group. The attackers exfiltrated approximately 90,000 files organized across 8,000 folders, totaling 54 gigabytes of data. By June 13, the group began releasing initial samples of stolen information on their data leak site (DLS), which included personal details of researchers and students. The university was presented with a ransom demand starting at €4.5 million, later escalated to €5 million. When negotiations failed, ALPHV/BlackCat announced plans to publicly release the full dataset on June 21. Instead of following through with this threat, the group listed the stolen data for sale at €1 million on XSS, a prominent Russian cybercrime forum, by June 22.

Additional data samples were published on June 17, intensifying concerns among the student body. The student union Sinistra Per publicly criticized the university's handling of the breach, demanding transparency and guarantees regarding the security of sensitive student information. Despite these developments, the Università di Pisa issued no official communications about the incident or mitigation efforts as of the article's publication date. ALPHV/BlackCat claimed on June 21 to have engaged in discussions with the university's rector, though the report characterized this assertion as improbable. The group subsequently established a new countdown for full data disclosure, set for June 24 at 23:00. Independent cybersecurity monitoring group RedHot Cyber verified the continued availability of the data sale post on XSS as of 7:56 AM on June 23. The incident remained unresolved at the time of reporting, with stolen data actively marketed on underground platforms and no public containment or recovery measures confirmed.