Cyber Incident Victim: Cassa di Sovvenzioni e Risparmio fra il personale della Banca d'Italia

In early March 2022, an unidentified hacker conducted a multi-day intrusion targeting the Cassa di Sovvenzioni e Risparmio fra il personale della Banca d'Italia (CSR), the savings and pension fund for Bank of Italy employees. The attacker compromised account security and accessed sensitive financial systems handling salaries, pensions, and personal savings. Initial evidence suggested the hacker successfully stole savings from multiple CSR account holders, though specific loss figures weren't disclosed. This financial impact prompted CSR to suspend critical home banking functionalities, including instant bank transfer capabilities, as a containment measure. The breach remained undetected until early March when a CSR employee received a suspicious phone call from an individual spoofing the bank's official phone number.

The attacker posed as a cybersecurity operator from Palazzo Koch (Bank of Italy headquarters) during this call, instructing the employee to perform "fraud prevention" operations while providing a fabricated ticket number for legitimacy. The targeted employee—a First CISL union leader—attempted but failed to complete the requested actions, growing suspicious during the interaction. While maintaining contact with the imposter, the employee used a separate phone line to alert Bank of Italy's legitimate service desk, which confirmed the fraudulent nature of the call. This detection triggered internal alerts about potential system compromises, though the exact intrusion timeline and initial attack vector weren't specified in available reports. Consequences included confirmed theft of employee savings, prolonged disruption of banking services, and heightened concerns about the integrity of salary and pension disbursement systems. No public statements from CSR or Bank of Italy officials were referenced regarding remediation efforts beyond the temporary service restrictions.