Kyma Mobilità

Kyma Mobilità, also known simply as Kyma Mobilità, provides mobility applications and services to users in Italy. The organization’s offerings are delivered through mobile applications that users can download and use. These applications are made available to the public via mobile platforms that support travel‑related interactions. By focusing on mobile‑based mobility solutions, Kyma Mobilità operates within the Italian market for digital transport services. The organization’s core offering is limited to the mobility apps referenced in the breach notification.

On March 29, 2025, Kyma Mobilità was notified by its service provider MyCicero of a personal data breach affecting some users of its mobility apps. The breach originated from malicious activity by unidentified external actors that compromised a subcontractor’s data center in Milan. As a result, personal information including names, surnames, gender, dates and places of birth, tax codes and contact details was unlawfully extracted. The organization confirmed that no special‑category data were involved in the incident. Following the discovery, Kyma Mobilità notified the relevant data‑protection authority and sought clarification from both the data controller and its sub‑processors. It also made contact details available for affected individuals seeking further information.

The incident response highlights Kyma Mobilità’s adherence to regulatory obligations under the EU General Data Protection Regulation, particularly the requirement to inform authorities and affected individuals under Article 34. By maintaining contact details for users seeking further information, the organization demonstrates a commitment to transparency after a security event. Kyma Mobilità relies on third‑party service providers such as MyCicero for certain aspects of its service delivery. This reliance underscores the importance of vetting subcontractors’ data‑center security, a consideration that shapes the organization’s risk‑management approach. Together, these factors define Kyma Mobilità’s distinguishing attributes in the areas of data‑protection compliance and service provision.

Information regarding Kyma Mobilità’s ownership structure, parent company or subsidiary relationships is not disclosed in the available sources. Consequently, no definitive statements can be made about its corporate affiliations or governance arrangements. The organization’s headquarters are located in Italy, as indicated in the provided context. No further details about equity holdings, investors or group membership are available for inclusion. This lack of explicit structural information limits the ability to describe its position within a larger corporate group.