- A threat actor sells a huge database on the dark web
- They claim that it was taken in several hotels in Italy
- The country’s digital transformation agency confirmed the violation
A cybercriminal managed to enter the reservation system used by many hotels in Italy and to steal very sensitive information on thousands of guests, experts warned.
Recently, a threat actor with alias Mydocs has taken underground hacking forums to announce the sale of around 100,000 individual identity documents, including passport scans, identity cards, etc., which they claimed to have stolen it in several hotels across Italy.
At the beginning, the statements met the wider cybersecurity industry skepticism, but the Italian technical agency for digital transformation, AGID, has now confirmed the authenticity of the violation.
Abuse stolen data
At least ten hotels have been struck, the number perhaps increasing in the coming weeks, said Agid, suggesting that he had “intercepted” an illegal sale of documents.
“These data, once stolen, can be used for fraudulent purposes: from the creation of false documents to the opening of bank accounts, social engineering attacks and digital identity theft, with consequences for victims which can also be serious, both on an economic and legal point of view,” said Agid in a press release (translated from the machine) published on his website.
Mydocs may have inflated the figures or managed to steal the value of sensitive data, because some of the compromised hotels have only a few dozen rooms. In any case, an official survey is underway.
The hotel industry, since it manages very sensitive data, continues to be among the most targeted. Hotels and accommodation, restaurants, event planning agencies and tourist companies are frequent victims of ransomware, identity and data theft.
The victims are invited to remain vigilant with incoming communications, in particular the emails claiming to come from Italian hotels.
Via The register
