Cyber Incident Victim: Lycamobile
Date:
Nov 2019
Location:
Italy
Summary
Anonymous and LulzSecITA compromised a telecommunications provider as part of a coordinated protest, breaching systems and exfiltrating 5.4 gigabytes of sensitive customer and corporate data including identification documents, telephone records, and financial information. The hacktivists leaked the data publicly to expose security vulnerabilities and criticize institutional failures in privacy protection, claiming access to an executive email account but emphasizing their intent was demonstration rather than financial exploitation. The incident highlighted risks to personal data through their statement condemning inadequate safeguards by entities entrusted with user privacy.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On November 5, 2019, coinciding with the annual Guy Fawkes Day "Million Mask March" protests associated with Anonymous, Italian hacktivist groups Anonymous Italia and LulzSecITA conducted cyber intrusions targeting multiple Italian organizations, including telecommunications provider Lyca Mobile. The coordinated attacks, branded under Operation Vendetta, breached professional orders, government entities like the Naples prefecture, and regional environmental agencies. LulzSecITA specifically compromised Lyca Mobile's Italian website, exfiltrating approximately 5.4 gigabytes of sensitive customer and corporate data. The leaked information included scanned identity documents such as passports, driver’s licenses, and public ID cards, alongside telephone records, credit card details, and internal company communications. Evidence suggested attackers gained full control of the email account lycamobile[at]lycamobile[.]it, belonging to a company official, as folders from this account appeared in the published data dump. Hacktivists publicly disseminated the stolen records but emphasized their intent was to demonstrate security vulnerabilities rather than commit financial fraud. No independent verification confirmed the authenticity of all leaked documents at the time of disclosure.
The breach exposed systemic failures in protecting customer privacy, according to Anonymous Italia’s manifesto accompanying the data release. Their statement criticized organizations for inadequately safeguarding personal information despite legal obligations, framing the attack as a wake-up call about institutional negligence. Lyca Mobile’s compromised data revealed sensitive subscriber details and internal corporate documents, creating reputational damage and potential identity theft risks for affected individuals. The hacktivists leveraged the symbolic timing of November 5th to amplify their message about governmental and corporate accountability. While the groups claimed additional high-profile breaches, including Italy’s Chamber of Deputies, Lyca Mobile represented a significant private-sector victim with tangible data exposure. No public containment measures or forensic findings from Lyca Mobile were reported in the available source material following the incident.