Italian Hotels Targeted in Major Data Breach: Thousands of Guest IDs Stolen and Sold Online
Italy’s national cybersecurity agency, CERT-AGID (Computer Emergency Response Team of the Agency for Digital Italy), has issued a critical warning following a significant data breach affecting multiple hotels across the country. According to CERT-AGID, cybercriminals have stolen and are now selling high-resolution scans of identity documents collected by hotels during guest check-ins.
The hacker group behind the breach, known as “mydocs,” reportedly infiltrated the booking systems of at least ten Italian hotels during the summer months of June and July. The stolen data includes tens of thousands—possibly up to 100,000—scanned IDs such as passports and national identity cards. These documents are now being sold on dark web forums, with prices ranging from $1,000 to $10,000.
Both Italian nationals and international travelers are affected, with the targeted hotels including luxury and city-center establishments. Although CERT-AGID has not disclosed the names of the compromised hotels, they urge all recent and past hotel guests to remain vigilant, as it is unclear how long these hotels have been storing scanned ID documents.
Potential Risks of the Breach
CERT-AGID warns that the stolen identity documents could be exploited in several ways:
– Creation of fake identification documents
– Opening fraudulent bank accounts or credit lines
– Social engineering attacks targeting victims and their contacts
– Digital identity theft, which can lead to serious financial and legal consequences
Authorities recommend that anyone who has stayed at an Italian hotel and suspects their data may have been compromised should contact the hotel directly and be on high alert for phishing scams or other suspicious activity.
How to Protect Yourself After a Data Breach
If you think your personal information may have been exposed in this or any other data breach, here are some steps you can take to protect yourself:
1. Follow the vendor’s instructions: Each breach is different. Check the hotel’s website or contact them directly for specific guidance.
2. Change your passwords: Update your passwords immediately, especially if you used the same one elsewhere. Use strong, unique passwords or a password manager to generate and store them.
3. Enable two-factor authentication (2FA): Use a FIDO2-compliant device (like a hardware key or smartphone) for added security. These methods are more resistant to phishing than traditional 2FA.
4. Be cautious of impersonators: Scammers may pose as hotel representatives or other trusted entities. Always verify the identity of anyone contacting you through an independent communication channel.
5. Don’t rush: Phishing emails often create a false sense of urgency. Take your time to evaluate messages before clicking links or providing information.
6. Avoid storing payment details online: While convenient, saving your card information on websites increases your risk if those sites are compromised.
7. Set up identity monitoring: Services that monitor the dark web for your personal information can alert you to potential misuse and help you recover if your identity is stolen.
Stay Proactive About Your Digital Security
Cybersecurity threats are more than just headlines—they can have real-world consequences. Protect yourself and your loved ones by investing in identity protection services and staying informed about the latest threats.
For more information on protecting your digital identity, visit Malwarebytes’ Identity Theft Protection page.
Source: malwarebytes.com