Trenitalia informed some customers that it had suffered a cyber attack which allowed unidentified external parties to gain unauthorized access to personal data, mainly linked to travel tickets. What is potentially involved are personal information, contact details and details of purchased trips.
However, Trenitalia reassured passengers on a fundamental point: no account access data, personal credentials or payment information, such as card number, expiry or security code, were compromised.
The company confirmed that it had adopted all the necessary measures to secure the systems and notified the Personal Data Protection Authority and CSIRT Italy of the incident, submitting a complaint to the Public Prosecutor’s Office at the Court of Rome.
What passenger data was exposed in the hacker attack
The categories of personal data potentially accessible by hackers are those associated with travel tickets present in the company’s IT systems. In particular, the company has specified that the categories include:
- Personal and identification data such as name, surname, date and place of birth of the passenger and, if different, of the person who made the purchase;
- Contact data such as email address and telephone number;
- Travel data, such as route, date, time and ticket number;
- Loyalty card code, if associated with the travel ticket;
- Employer company/entity that purchased the travel ticket;
- Type of offer or service purchased;
- Any identity document details provided;
- Data connected to the generation of the travel ticket.
The company specified that identifying the affected customers took time due to the complexity of the technical analyzes necessary to reconstruct the improper access in detail.
What to do if you have received the Trenitalia email
Trenitalia reassured customers on a fundamental point: the access credentials and data relating to payment methods have not been compromised. However, it is important to pay attention to any suspicious messages or misleading contact attempts relating to travel tickets, especially if they request personal or financial data or contain unexpected links or attachments: in case of doubt, Trenitalia recommends always checking the reliability of the sender. The company also reminded that it will never contact its customers to ask for passwords or payment information.
For any clarification, the company has activated an assistance service, which allows you to send a request via the official Trenitalia webform, selecting the “Privacy – Management of personal data” option and entering the reference code present in the communication received.
