Cyber Incident Victim: STN S.r.l
Date:
Mar 2025
Location:
Italy
Summary
STN S.r.l was informed by its mobile ticketing service provider that a breach resulting from unidentified external actors compromised the provider’s servers, causing the application to be temporarily unavailable while security checks were performed. The provider later disclosed that personal data including names, surnames, gender, dates and places of birth, tax codes, and contact details such as addresses, email addresses and phone numbers had been exfiltrated to a remote cloud, while payment card information remained unaffected because it is stored with an external payment service provider. The provider stated that containment measures were applied and additional technical and organizational safeguards were implemented to prevent similar incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between March 29 and March 30, 2025, the mobile ticketing app provider MY CICERO reported that unidentified external actors carried out malicious activity on the servers it uses for the service. As a result, the provider made the system inaccessible for a limited period to conduct verification and security actions. STN S.r.l. noted that this interruption could have caused users to experience malfunctions or slowdowns in the app during those days.
On April 4, 2025, MY CICERO informed STN S.r.l. that an unauthorized exfiltration of data to a remote cloud had occurred. The provider stated that the potentially exposed information included personal data such as name, surname, gender, date of birth, place of birth, and tax code, as well as contact data including postal or email address and fixed or mobile phone number. MY CICERO also clarified that credit card data were not involved because they are stored with external payment service provider systems.
In response, MY CICERO said it had implemented measures to contain the breach and attenuate its effects, and had adopted technical and organizational actions intended to prevent similar incidents from recurring. STN S.r.l. indicated that it would remain in contact with the provider to monitor the outcome of the investigations and to undertake any further initiatives needed to mitigate possible effects of the event. For any related support or information, users could contact STN at the email address [email protected].