Cyber Incident Victim: Rome Capitale

On September 11, 2023, multiple websites and digital services managed by Zètema Progetto Cultura for Rome Capitale became inaccessible due to a cyberattack. The disruption began in the early hours of Monday, affecting platforms including Zètema’s primary domain (www.zetema.it), municipal museum websites (www.museiincomuneroma.it and individual civic museum sites), cultural portals (www.sovraintendenzaroma.it, www.culture.roma.it), tourism services (www.turismoroma.it, www.romapass.it, www.060608.it), and auxiliary platforms like www.informagiovaniroma.it and www.romacura.roma.it. Mobile applications and connected services tied to these domains also experienced outages. Zètema, a key cultural infrastructure manager for Rome’s municipal government, engaged a prominent cybersecurity firm to conduct technical assessments, which confirmed the incident as a deliberate malicious attack. The company promptly notified Italy’s Data Protection Authority (Garante per la protezione dei dati personali) and other relevant authorities about the breach, aligning with regulatory obligations.

The attack disrupted access to critical public-facing resources, including ticketing systems (www.miccard.roma.it), educational hubs (www.technotown.it, www.casinadiraffaello.it), and cultural initiatives (www.progettoabc.it). Zètema activated emergency measures to restore services but did not specify an estimated recovery timeline or the attack’s technical methodology. No operational details about the attackers’ identity, motives, or data compromise were disclosed. The incident followed a pattern of recent cyberattacks targeting major Italian entities such as Acea, Trenitalia, Ferrovie dello Stato, Atac, and Campidoglio, though no explicit linkage was confirmed. Restoration efforts prioritized reinstating digital access to cultural and tourism assets, with no public reports of collateral damage to physical infrastructure or secondary systems beyond the listed domains.