Massive Cyberattack on Italian Hotels Exposes Thousands of Identification Documents
The Italian Agency for Digitalization (Agid) has recently reported a concerning cyberattack that has targeted hotel servers throughout Italy. This incident has led to the theft of tens of thousands of secure identification documents, including passports and ID cards, with these sensitive images now being illegally traded on the dark web.
The Breach: Scale and Impact
The cybersecurity branch of Agid, CERT-AgID, first alerted authorities to this significant breach, which is estimated to involve nearly 100,000 compromised documents. The stolen data consists primarily of high-resolution images gathered during routine hotel check-ins. This data not only represents a substantial security threat to visitors but also to Italian citizens, as it heightens the risk of digital identity theft.
Unfolding Timeline of the Incident
The hacker, operating under the pseudonym “mydocs,” has taken responsibility for this extensive breach. The infiltration of hotel computer systems spanned over three months, from June to August 2025. Initially, it was believed that only a handful of hotels were compromised. However, on August 8, the hacker revealed a list of 17,000 stolen documents from an additional hotel on a dark web forum.
The following days saw an alarming increase in activity, with over 70,000 new identity documents advertised from four more hotels. By August 12, the total had climbed to 3,600 documents from two additional hotels, bringing the official count of affected establishments to ten. Authorities are on alert for more potential breaches as the investigation continues.
Agid’s Proactive Measures and Advisory
In light of this troubling development, the Italian Agency for Digitalization has initiated a comprehensive response plan. Agid is distributing advisories to all digital trust service providers, including SPID and various digital signature providers, emphasizing the need for heightened vigilance during document verification processes.
Officials have confirmed that the theft comprises tens of thousands of high-resolution scans from passports, ID cards, and various forms of identification collected during guest check-ins. This raises serious concerns about the potential misuse of such data for criminal activities, including forging identification and conducting financial fraud.
The Growing Threat of Digital Identity Theft
Hotels often gather large amounts of personal data from guests, rendering them attractive targets for cybercriminals. As this incident unfolds, CERT-AgID has urged both citizens and tourists to remain alert for signs of suspicious activity related to their personal information. Warning signs can include unexpected credit inquiries, unapproved access to financial accounts, or other indicators of digital identity theft. The public is encouraged to promptly report any suspicious activities to law enforcement.
As investigations proceed, Agid is collaborating closely with law enforcement and cybersecurity experts to mitigate damage and prevent future attacks. Although ten hotels have officially acknowledged the breach, the evolving nature of cyber threats suggests the full extent of the breach may still be unfolding.
Strengthening Cybersecurity Measures
In response to these incidents, the Italian Agency for Digitalization is urging all hotels to bolster their cybersecurity frameworks. Implementing best practices in data protection is not just prudent; it’s essential for safeguarding sensitive customer information. Agid has reiterated the serious consequences that victims may face, both financially and legally, should their identity documents be misused.
Tourists and citizens alike must take proactive steps to protect their information, raising awareness of their digital footprint. By doing so, they can help combat the growing threat of cybercrime and protect their identities in an increasingly digital world.
