On December 27, 2022, Infocert, a leading provider of digital identity services for citizens and businesses, fell victim to a large-scale cyberattack resulting in the theft of personal data from approximately 5.5 million users. The breach has raised serious concerns about the security of sensitive information, especially as it pertains to the management of the public digital identity system known as SPID.
The attack was claimed by cybercriminals the following day, who stated they had exfiltrated extensive amounts of data, which included around 1.1 million phone numbers and 2.5 million email addresses, among other sensitive information. The hackers reportedly publicized this data online, offering it for sale at approximately $1,500, which raises alarm about the security measures implemented by digital identity providers.
Infocert, part of the Tinexta Group, confirmed the incident through their official channels, noting it involved unauthorized access to information managed by a third-party supplier responsible for their customer support platform. The company emphasized, "Nessuna credenziale è stata compromessa" (No credentials were compromised), highlighting their confidence in the integrity of their main services, including digital identity transactions and electronic signatures.
This breach has significant repercussions, as Infocert oversees 1.8 million active SPID identities and services millions of users accessing various public and private digital gateways. Customers have been left uncertain, as many rely on Infocert not just for identification, but also for accessing important services provided by the government, such as social security or tax information.
According to Infocert's communications, the nature of the compromised data was limited to information necessary for customer support interactions, such as names, email addresses, tax codes, and details surrounding support requests. Infocert reassured users, stating, "We have launched investigations and are notifying the competent authorities," affirming their commitment to address the breach thoroughly.
The details of the attack reveal it likely exploited vulnerabilities within the ticketing system used to process customer inquiries. Cybersecurity experts have cautioned against potential phishing threats as hackers could utilize the stolen information to impersonate Infocert or other services. They stated, "This incident emphasizes the growing vulnerability of digital platforms managing sensitive information," underscoring the importance of maintaining high security standards.
To mitigate risks, cybersecurity professionals recommend users: check their accounts for any suspicious activity, avoid responding to emails from unknown sources, and regularly change passwords. It's also wise to enabled two-factor authentication wherever available, providing additional layers of security against unauthorized access.
Infocert's incident is not isolated; it follows closely on the heels of other recent cyberattacks, such as the incidents affecting the airports of Milan Linate and Malpensa, signaling increasing threats posed to Italy's digital infrastructure. The company, boasting revenue of 137 million euros and around 10 million customers across government and private sectors, has established itself as pivotal in providing secure digital services.
The aftermath of the attack raises serious questions about the reliance on private companies for managing sensitive public information and highlights the need for continuous improvements within cybersecurity protocols on all fronts. The future of SPID and the trust users place in these systems may hinge on the lessons learned from such breaches.
Moving forward, Infocert has pledged to strengthen their cybersecurity measures amid this incident, aiming to restore user confidence. Their efforts will undoubtedly serve as a case study for other organizations facing similar threats, reiterate the necessity for rigorous security measures, and signify the challenges faced by digital identity providers worldwide.