ePublic

ePublic is an Italian information technology provider headquartered in Italy, specializing in software-as-a-service (SaaS) solutions designed for municipal governments and public administration entities. The company develops and manages digital platforms that support core administrative functions for local authorities, including communications infrastructure through its integrated email management service based on Roundcube Webmail. Its offerings are positioned within the public sector cloud ecosystem, evidenced by the certification of its services under Italy's AgID cloud catalog, which governs secure digital solutions for the public administration. This certification indicates compliance with national standards for security, interoperability, and data sovereignty, anchoring ePublic's role as a vendor for government digital transformation. The firm's operational focus is on providing centralized, third-party technology infrastructure that municipalities rely on for daily operations, positioning it as an enabler of public service continuity and efficiency within the regional Italian governance framework.

The company's operational scale and the criticality of its role were highlighted by a significant security incident in January 2023. A database from its email management platform was leaked on an underground Telegram channel, exposing credentials and personal information from over 7,000 email accounts associated with multiple municipalities that used its services. This breach underscored the systemic risk posed to public sector entities that depend on centralized external providers for essential communications infrastructure. The disseminated data, which included hashed passwords, originated from a compromised database dump, illustrating the tangible impact of a supply chain vulnerability on local government data integrity. While the specific initial access vector was not confirmed, the event demonstrated ePublic's integration into the sensitive data handling chain for Italian public administration and the potential for widespread credential exposure across its client base. The incident serves as a documented case study in the cybersecurity challenges facing third-party vendors supporting the public sector, particularly those managing certified cloud services for government operations.