Stolen identities of many vacationers in Italy: IDs of over ten thousand tourists at risk
In a concerning turn of events, a cyberattack has targeted hotels in Italy and Spain, compromising the data of tens of thousands of tourists. The stolen data includes high-resolution scans of passports, ID cards, and other identification documents from hotel guests at approximately ten hotels across Italy and one luxury hotel on the Spanish island of Mallorca.
The breach, which has been ongoing since June, has affected tourists from multiple countries, including both Italians and foreign nationals. According to Italy's cybersecurity agency AGID and cybersecurity firms monitoring the incident, the stolen data includes information from foreign tourists as well as Italians [1][2][3].
Cybersecurity company Hackmanac has identified several affected hotels, including Italian hotels and the Spanish resort in Mallorca, suggesting that the reach of the breach could involve tourists from Spain and potentially other countries [2]. However, detailed nationality breakdowns of the affected tourists are not publicly available.
In Italy, hotel guests are required to register with identification documents, which are usually copied at reception. The affected hotels are located in cities like Venice, Trieste, and the island of Capri, with the four-star "Ca' dei Conti" hotel in Venice being among the most affected, with around 38,000 documents compromised.
Italian police have identified a criminal hacker group known as Mydocs as being responsible for the hacking incident. The documents, now being offered for sale on the dark web, are pixelated [1][2][3][4]. Prices for these documents range from 800 to 10,000 euros, according to Italy's Agency for Digital Italy (Agid) [1].
Many hotels in Italy have adopted computer systems for automated digitalization, making the breach even more concerning. In response to the incident, hotel owners are urged to review their security measures and consider implementing enhanced security protocols to protect their guests' data.
This incident serves as a reminder of the importance of data security, particularly in the hospitality industry. As more businesses move towards digitalization, it is crucial to prioritize security measures to protect sensitive information.
[1] La Repubblica [2] Hackmanac [3] AGID [4] Il Sole 24 Ore
- The breach, involving hotels in Italy and Spain, has exposed the data of tens of thousands of tourists, as reported by AGID, Italian cybersecurity agency, and various cybersecurity firms. This stolen data includes information from foreign tourists as well as Italians.
- This cyberattack, allegedly orchestrated by the criminal hacker group Mydocs, has raised concerns about the security of sensitive data in the hospitality industry, as more businesses adopt technology for digitalization.
