A threat actor has allegedly put the database and system access for the Municipality of Canegrate, a local government entity located in Milan, Italy, up for sale on a cybercrime forum. The seller is asking for $500 for the compromised data. The Municipality of Canegrate is a public administration body responsible for providing essential services to its local residents, making this breach a significant threat to citizen privacy and municipal operations.
The threat actor provided screenshots as proof of the breach, which appear to show a wide range of sensitive information. The allegedly exfiltrated data includes databases containing personal information of residents, as well as internal system credentials. Based on the provided samples, the compromised data seems to originate from multiple databases related to various municipal services.
The leaked data allegedly includes:
- Resident information (names, surnames, tax codes, dates of birth)
- Internal operator and user credentials (usernames and passwords)
- Database tables related to municipal management (
comune_db) - Database tables for public education services (
iss_db) - Databases for social and economic aid (
aa_db,cc_db) - Official public records database (
albopretorio_db) - Databases for productive activities (
attivita_db)
