Cyber Incident Victim: Autoguidovie
Date: Mar 2025
Location: Italy
Summary
Autoguidovie's mobile ticketing app provider disclosed that unidentified external actors conducted malicious activity on its servers, resulting in a personal data breach that temporarily disabled the service and caused app malfunctions. The provider later reported an unauthorized transfer of personal and contact information—including names, surnames, gender, dates and places of birth, tax codes, addresses, email addresses and phone numbers—to a remote cloud, while confirming that payment card data remained unaffected. Technical and organizational measures were subsequently implemented to contain the incident and reduce the risk of recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 29 and 30, 2025, the mobile ticketing app provider MY CICERO reported to Autoguidovie that unidentified external actors had carried out malicious activity on its servers, resulting in a breach of personal data. The breach occurred during that two‑day window and prompted the provider to take the affected system offline for a limited period to conduct security verification and containment actions. As a result of the system being inaccessible, users of the Autoguidovie app experienced malfunctions or slowdowns in the days following the incident. The provider later confirmed on April 4, 2025 that an unauthorized exfiltration of data to a remote cloud had taken place.

The data potentially exposed in the breach included personal identifiers such as name, surname, gender, date of birth, place of birth and tax code, as well as contact information comprising postal or email addresses and fixed or mobile telephone numbers. According to the provider’s statement, credit card data were not involved because they are stored with external payment service provider systems and remained unaffected. No evidence was presented indicating that any other categories of data, such as travel history or ticket purchase details, were compromised. The exposure of the aforementioned personal and contact data raised the risk of unauthorized use by third parties.

In response to the breach, the provider isolated the compromised servers and performed a thorough verification to assess the scope of the incident. Containment measures were implemented to stop further unauthorized access and to mitigate the effects of the exfiltration. Subsequently, the provider introduced additional technical and organizational safeguards intended to prevent recurrence of similar incidents. Autoguidovie remained in contact with the provider, monitored the outcome of the investigations, and offered users a dedicated privacy email address for any support or information requests related to the event.
