The **FS Italiane Group**, Italy’s state-owned national railway operator, suffered a major data breach after a threat actor infiltrated its IT services provider, **Almaviva**. The attacker exfiltrated **2.3 TB of sensitive data**, including **confidential documents, technical documentation, HR archives, accounting data, contracts with public entities, and multi-company repositories** from FS Group subsidiaries. The leaked data, organized by department and company, spans recent documents from **Q3 2025** and aligns with the tactics of ransomware groups active in 2024–2025.While Almaviva confirmed the breach and isolated the attack, the full scope remains unclear—particularly whether **passenger data** or other clients beyond FS were compromised. Authorities, including Italy’s **national cybersecurity agency, police, and data protection authority**, are investigating. The breach risks **operational disruptions, financial losses, reputational damage, and potential regulatory penalties**, given FS Italiane’s critical role in managing **railway infrastructure, freight transport, and logistics chains** across Italy. The incident underscores vulnerabilities in third-party IT providers handling state-owned enterprise data.
Ferrovie dello Stato Italiane S.p.A. cybersecurity rating report: https://www.rankiteo.com/company/ferrovie-dello-stato-s-p-a
"id": "FER0933509112125",
"linkid": "ferrovie-dello-stato-s-p-a",
"type": "Breach",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': ['FS Italiane Group (confirmed)',
'Potentially other clients '
'(unconfirmed)'],
'industry': 'Information Technology',
'location': 'Italy (global operations)',
'name': 'Almaviva',
'size': 'Over 41,000 employees, ~80 branches worldwide',
'type': 'IT Services Provider'},
{'customers_affected': 'Unclear if passenger data is '
'included',
'industry': 'Transportation (Railway, Logistics)',
'location': 'Italy',
'name': 'FS Italiane Group',
'size': 'Over $18 billion annual revenue',
'type': 'State-owned Railway Operator'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': 'Unclear (potential '
'inclusion of '
'passenger data '
'unconfirmed)',
'sensitivity_of_data': 'High (confidential and sensitive '
'company information)',
'type_of_data_compromised': ['Internal shares',
'Multi-company repositories',
'Technical documentation',
'Contracts with public entities',
'HR archives',
'Accounting data',
'Complete datasets from FS Group '
'companies']},
'description': 'A threat actor breached Almaviva, the IT services provider '
"for Italy's national railway operator FS Italiane Group, "
'exposing 2.3 terabytes of sensitive data. The leaked data '
'includes confidential documents, technical documentation, '
'contracts, HR archives, accounting data, and datasets from FS '
'Group companies. The breach was confirmed by Almaviva, and '
'authorities have been notified. The investigation is ongoing.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'Almaviva and FS Italiane Group',
'data_compromised': ['Confidential documents',
'Technical documentation',
'Contracts with public entities',
'HR archives',
'Accounting data',
'Complete datasets from FS Group companies'],
'systems_affected': ['Corporate systems of Almaviva']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['FS Italiane Group data',
'Multi-company '
'repositories']},
'investigation_status': 'Ongoing (with government agency assistance)',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'BleepingComputer'},
{'source': 'Andrea Draghetti (Head of Cyber Threat '
'Intelligence, D3Lab)'},
{'source': "Almaviva's statement to local media"}],
'regulatory_compliance': {'regulatory_notifications': ['Italian police',
'National '
'cybersecurity agency',
'Data protection '
'authority']},
'response': {'communication_strategy': 'Transparent updates as investigation '
"progresses (per Almaviva's statement)",
'containment_measures': ['Isolation of affected systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['Government agencies (police, '
'national cybersecurity agency, data '
'protection authority)']},
'title': 'Data Breach at Almaviva Affecting FS Italiane Group',
'type': ['Data Breach', 'Cyberattack']}