A threat actor has allegedly posted a database for sale containing the sensitive information of over one million users of Poste Italiane. The victim, Poste Italiane, is Italy’s national postal service provider. Beyond mail delivery, it is a massive conglomerate offering financial, insurance, payment, and mobile telecommunication services, making it a critical piece of infrastructure for Italian citizens and businesses. The alleged breach could have significant implications for a large number of individuals who rely on its diverse services.
The seller claims the database contains more than one million rows of user data. A sample of the data shared by the threat actor suggests a wide range of personally identifiable information (PII) has been compromised. The post on a dark web forum explicitly states that the following data types are included in the leak:
- Unhashed Passwords
- Phone Number
- Tax Code (Codice Fiscale)
- Profile Level
- Name
- Surname
