Recently, data from Italy’s national railway operator, the FS Italiane Group, was compromised after a threat actor breached their IT services provider, Almaviva.

The hacker responsible for the breach has asserted that they have taken 2.3 terabytes of data and shared it on a dark web forum. The leaked information reportedly contains confidential documents and sensitive company data.

Almaviva, a prominent Italian company operating globally, offers services such as software design, system integration, IT consulting, and CRM products.

Andrea Draghetti, the Head of Cyber Threat Intelligence at D3Lab, has confirmed that the leaked data is recent and includes documents from the third quarter of 2025. Draghetti dismissed the possibility of the files being recycled from a Hive ransomware attack in 2022.

Draghetti mentioned, “The threat actor claims the material includes internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and even complete datasets from several FS Group companies.”

“The structure of the dump, organized into compressed archives by department/company, is fully consistent with the modus operandi of ransomware groups and data brokers active in 2024–2025,” added the cybersecurity expert.

Almaviva, with over 41,000 employees across nearly 80 branches worldwide and an annual turnover of $1.4 billion, is a significant IT services provider.

FS Italiane Group, a state-owned railway operator with more than $18 billion in annual revenue, manages railway infrastructure, passenger and freight rail transport, as well as bus services and logistics chains.

Although BleepingComputer’s inquiries to both Almaviva and FS were unanswered, Almaviva eventually confirmed the breach through a statement to local media.

Almaviva stated, “In recent weeks, the services dedicated to security monitoring identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of some data.”

“Almaviva immediately activated security and counter-response procedures through its specialized team for this type of incident, ensuring the protection and full operability of critical services,” the company added.

The company has informed authorities in the country, including the police, the national cybersecurity agency, and the data protection authority. An investigation is underway with assistance from government agencies.

Almaviva has committed to providing transparent updates as the investigation progresses.

It remains uncertain if passenger information is included in the data leak or if the breach affects other clients beyond FS.

BleepingComputer has reached out to Almaviva for further information but has not received a response at the time of publication.

It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.

Discover how top leaders are translating investments into measurable impact.

Download Now