Cyber Incident Victim: BusItalia
Date: Mar 2025
Location: Italy
Summary
BusItalia disclosed that unauthorized actors accessed its website and mobile application, obtaining users’ demographic, location and contact data while payment and banking information remained secure. The intrusion was identified after the company’s external data‑processing provider notified it of a possible compromise, prompting a temporary shutdown of the online ticketing system and user accounts. BusItalia subsequently filed a report with the data protection authority and requested clarification from the provider regarding the handling of the compromised data.
Description
On April 10, 2025, BusItalia received notice from its external data‑processing provider that a hacker attack had compromised user data. The provider indicated that the intrusion had occurred at the end of March 2025, according to reports from the Mattino di Padova. Upon being informed, BusItalia immediately blocked its systems for a period to conduct security verification.

The attackers gained access to BusItalia’s website and mobile application and exfiltrated sensitive personal information of users. The compromised data include demographic details, location information, contact details, the number of trips taken on specific routes, and home addresses. The article explicitly states that payment data, banking operation details, and security codes were not affected. As a concrete consequence, users may experience difficulties accessing the ticket‑purchase service for buses and trams or may find their personal accounts malfunctioning. In response, BusItalia advised its customers to change the passwords associated with their accounts and noted that profile security codes could also be at risk. The company announced it would file a complaint with the relevant data‑protection authority and would request information from the officer responsible for data management and protection. The article warns that the stolen personal data could be used improperly, potentially leading to fraudulent messages, emails, or phone calls, and underscores the broader importance of cybersecurity in the context of increasing digitalization.
