Data Breach Exposes Italy’s FS Italiane Group Through Almaviva IT Service Provider

A recent cyberattack has resulted in the exposure of sensitive data belonging to Italy’s national railway operator, the FS Italiane Group. The breach occurred through the organization’s IT services provider, Almaviva, with a threat actor claiming to have stolen 2.3 terabytes of data. This data was subsequently leaked on a dark web forum, including confidential documents and sensitive company information.

Almaviva, a prominent Italian company with a global presence, offers services such as software design and development, system integration, IT consulting, and customer relationship management products.

Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, confirmed the recent nature of the leaked data, which includes documents from the third quarter of 2025. The expert dismissed the possibility of the files being recycled from a previous ransomware attack. The leaked data reportedly encompasses internal shares, technical documentation, contracts with public entities, HR archives, accounting data, and datasets from various FS Group companies.

According to Draghetti, the structure of the data dump aligns with the modus operandi of ransomware groups and data brokers active in 2024-2025.

Almaviva, boasting over 41,000 employees across nearly 80 branches worldwide and an annual turnover of $1.4 billion, is a significant IT services provider. On the other hand, FS Italiane Group, a state-owned railway operator, is one of Italy’s largest industrial companies, generating over $18 billion in annual revenue. The group oversees railway infrastructure, passenger and freight rail transport, as well as bus services and logistics chains.

Despite unanswered press requests to Almaviva and FS by BleepingComputer, Almaviva eventually confirmed the breach through a statement to local media. The company promptly activated security measures and notified authorities, including the police, national cybersecurity agency, and data protection authority.

Almaviva has pledged to provide transparent updates as the investigation progresses, although the potential impact on passenger information and other clients remains uncertain.

For further inquiries, BleepingComputer reached out to Almaviva, awaiting a response.

Enhance your team’s security practices with our comprehensive guide, covering topics from managing old keys to safeguarding AI-generated code. Download the cheat sheet for foolproof secrets management.

Download Now