
Hacker Steals 2.3TB of Data from Italian Rail Giant Almaviva

Summary

– A threat actor breached Almaviva, an IT services provider for Italy’s state-owned railway operator FS Italiane Group, and leaked 2.3 terabytes of data on a dark web forum.
– The leaked data includes recent confidential documents, technical documentation, contracts, HR archives, and accounting data from FS Group companies, with files dated from the third quarter of 2025.
– Almaviva confirmed the cyberattack, stating it identified and isolated the breach, activated security procedures, and informed authorities including police and cybersecurity agencies.
– Almaviva is a major global IT services company with over 41,000 employees and $1.4 billion annual revenue, while FS Italiane Group is a state-owned railway operator with over $18 billion in revenue.
– It remains unclear if passenger data was included in the leak or if other Almaviva clients beyond FS Group were affected by the breach.

A significant data breach has compromised the IT infrastructure of Almaviva, a major service provider for Italy’s state-owned railway operator, the FS Italiane Group. A threat actor has reportedly stolen 2.3 terabytes of sensitive corporate data, which has since been published on a dark web forum. The leaked information is said to include confidential documents, internal company files, and a wide array of proprietary material.

According to the hacker’s claims, the stolen data encompasses internal file shares, multi-company repositories, technical documentation, contracts with public entities, human resources archives, and detailed accounting records. Complete datasets from multiple companies within the FS Group are also believed to be part of the leak.

Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, analyzed the incident and confirmed the data appears to be recent, with documents dating to the third quarter of 2025. Draghetti dismissed speculation that the files were recycled from an earlier 2022 Hive ransomware attack against the company. He noted that the structure of the data dump, organized into compressed archives sorted by department and company, aligns closely with the methods used by ransomware groups and data brokers active in 2024 and 2025.

Almaviva is a prominent global IT firm specializing in software design, system integration, IT consulting, and customer relationship management solutions. With approximately 41,000 employees across nearly 80 branches worldwide, the company reported an annual turnover of $1.4 billion last year. Its client, FS Italiane Group, is fully state-owned and ranks among Italy’s largest industrial enterprises, generating over $18 billion in yearly revenue. FS manages national railway infrastructure, passenger and freight transport, bus services, and logistics operations.

Although initial press inquiries to both Almaviva and FS went unanswered, Almaviva later issued a statement to local media acknowledging the incident. The company confirmed that in recent weeks, its security monitoring systems detected and subsequently isolated a cyberattack that resulted in data theft. Almaviva stated it immediately activated its security and incident response protocols, ensuring the protection and continuous operation of all critical services.

The firm also reported the breach to relevant national authorities, including the police, the national cybersecurity agency, and the data protection authority. An official investigation is currently underway with support and oversight from government agencies. Almaviva has committed to providing transparent updates as the investigation progresses and more details come to light.

At this stage, it remains uncertain whether passenger data was included in the stolen information or if other Almaviva clients beyond the FS Group have been affected. Follow-up media requests for additional information have so far gone unanswered.

(Source: Bleeping Computer)
