Dussmann Service S.r.l.

Dussmann Service S.r.l. operates as an Italian subsidiary of a German multinational corporation, with its headquarters located in Germany. The organization's core business involves providing school meal services, specifically managing meal programs and processing associated payments for educational institutions. Its operational footprint is notably present in Padova, Italy, where it serves children and their families within the municipal school system. A fundamental aspect of its service model entails the collection and handling of sensitive personal information, including banking details used for meal payments and comprehensive pupil records. This positioning places it within the critical education support sector, where it manages financial transactions and personal data for a vulnerable demographic. The company's activities therefore intersect with significant data privacy and security responsibilities due to the nature of the information it processes.

In July 2022, the organization was the target of a significant cyberattack that directly impacted its operations in Padova. The incident resulted in the potential compromise of personal data belonging to approximately 7,000 children and their families, exposing sensitive financial and educational records. The breach raised immediate concerns regarding identity theft, fraud, and phishing risks for the affected individuals. In response, the company activated an internal task force, suspended its servers and workstations at its Bergamo operations center, and temporarily transitioned to laptop-based operations to maintain essential functions. The attack exhibited characteristics consistent with ransomware and was assessed as part of a broader, coordinated campaign against the organization. Municipal authorities notified affected parties, and the incident was reported to the Italian national privacy regulator, with investigations continuing into the full scope and attribution of the attack. This event underscores the operational and reputational risks associated with handling large volumes of sensitive personal and financial data within the public service sector.