The Italian state railway operator, Ferrovie dello Stato (FS), has been impacted by a significant data leak originating from a cyberattack on one of its key suppliers, the Italian information and communications technology company Almaviva. Ferrovie dello Stato confirmed that there was unauthorized access to the IT systems of its supplier.

The ransomware group known as Hunters International has claimed responsibility for the attack. The group posted a notice on its dark web leak site, asserting that it had stolen 2.5 Terabytes of data from the Italian railway operator.

Details of the Stolen Data Claim

According to the post made by Hunters International, the exfiltrated data is extensive and sensitive. The group claims the stolen information includes a large volume of personal data, contracts, and medical records. This announcement was made public on the group’s dedicated leak site, a common tactic used by ransomware gangs to pressure their victims.

Official Response and Group Background

In response to the incident, Ferrovie dello Stato issued a statement confirming the breach at its supplier. The operator specified that its own technological infrastructure was not compromised in the attack. The company also stated it is actively working with the supplier and the relevant authorities to manage the consequences of the security incident. As of the initial reports, Almaviva had not released a public statement regarding the breach.

Hunters International is identified as a Ransomware-as-a-Service (RaaS) operation that first appeared in mid-2023. Security researchers believe the group is a rebrand of the notorious Hive ransomware operation, which was dismantled by international law enforcement. Hunters International primarily focuses on data exfiltration and extortion rather than solely encrypting victim systems.

Source: https://securityaffairs.com/184907/data-breach/massive-data-leak-hits-italian-railway-operator-ferrovie-dello-stato-via-almaviva-hack.html