FS Italiane Group

The **FS Italiane Group**, Italy’s state-owned national railway operator, suffered a severe data breach after a threat actor compromised its IT services provider, **Almaviva**. The attacker exfiltrated **2.3 terabytes of sensitive data**, including **confidential documents, HR archives, accounting data, technical documentation, contracts with public entities, and complete datasets from multiple FS Group subsidiaries**. The leaked data, described as recent (Q3 2025), was structured in compressed archives by department, aligning with ransomware group tactics. While Almaviva confirmed the breach and isolated the attack, the exposure of **internal corporate, financial, and employee records**—along with potential **public entity contracts**—poses critical operational, reputational, and legal risks. Authorities, including Italy’s cybersecurity agency and data protection watchdog, are investigating. The breach’s scope remains unclear regarding **passenger data involvement** or broader client impact beyond FS, but the theft of **multi-company repositories and sensitive business intelligence** underscores systemic vulnerabilities in Italy’s critical infrastructure.

Source: https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-23tb-data-from-italian-rail-group-almavia/

Ferrovie dello Stato Italiane S.p.A. cybersecurity rating report: https://www.rankiteo.com/company/ferrovie-dello-stato-s-p-a

"id": "FER2502325112125",
"linkid": "ferrovie-dello-stato-s-p-a",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': ['FS Italiane Group (confirmed)',
                                               'Potentially other clients '
                                               '(unconfirmed)'],
                        'industry': 'Information Technology',
                        'location': 'Italy (global operations)',
                        'name': 'Almaviva',
                        'size': 'Over 41,000 employees, ~80 branches '
                                'worldwide, $1.4 billion annual turnover '
                                '(2024)',
                        'type': 'IT Services Provider'},
                       {'industry': 'Transportation (Railway, Bus, Logistics)',
                        'location': 'Italy',
                        'name': 'FS Italiane Group',
                        'size': "$18 billion annual revenue, one of Italy's "
                                'largest industrial companies',
                        'type': 'State-owned Railway Operator'}],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High (includes confidential and '
                                        'sensitive company information)',
                 'type_of_data_compromised': ['Confidential documents',
                                              'Internal shares',
                                              'Multi-company repositories',
                                              'Technical documentation',
                                              'Contracts with public entities',
                                              'HR archives',
                                              'Accounting data',
                                              'Complete datasets from FS Group '
                                              'companies']},
 'description': 'A threat actor breached Almaviva, the IT services provider '
                "for Italy's national railway operator FS Italiane Group, "
                'exposing 2.3 terabytes of sensitive data. The leaked data '
                'includes confidential documents, internal shares, '
                'multi-company repositories, technical documentation, '
                'contracts with public entities, HR archives, accounting data, '
                'and complete datasets from several FS Group companies. The '
                'breach was confirmed by Almaviva, which stated it had '
                'activated security procedures and informed authorities. The '
                'investigation is ongoing, and it remains unclear if passenger '
                'information was compromised or if other Almaviva clients were '
                'affected.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'Almaviva and FS Italiane Group',
            'data_compromised': ['Confidential documents',
                                 'Internal shares',
                                 'Multi-company repositories',
                                 'Technical documentation',
                                 'Contracts with public entities',
                                 'HR archives',
                                 'Accounting data',
                                 'Complete datasets from FS Group companies'],
            'systems_affected': ['Corporate systems of Almaviva']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['FS Italiane Group data',
                                                  'Multi-company '
                                                  'repositories']},
 'investigation_status': 'Ongoing (with government agency assistance)',
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'BleepingComputer'},
                {'source': 'Andrea Draghetti, Head of Cyber Threat '
                           'Intelligence at D3Lab'},
                {'source': 'Almaviva public statement (via local media)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Italian police',
                                                        'National '
                                                        'cybersecurity agency',
                                                        'Data protection '
                                                        'authority']},
 'response': {'communication_strategy': ['Public statement to local media',
                                         'Transparency promised for updates'],
              'containment_measures': ['Isolation of affected systems'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['Government agencies (police, '
                                         'national cybersecurity agency, data '
                                         'protection authority)']},
 'title': 'Data Breach at Almaviva Affecting FS Italiane Group',
 'type': ['Data Breach', 'Cyberattack']}