Postel Spa, which provides document management and marketing communication services for businesses and public administrations, had neglected to update its systems despite being warned about the vulnerability in 2022 by both the software manufacturer and the Italian National Cybersecurity Agency. This oversight allowed hackers to exploit the flaw, gaining access to personal information such as contact details, payment data, criminal records, health information, and union affiliations.
The stolen data was later leaked on the dark web, severely compromising the privacy and security of the affected individuals. Despite being aware of the breach, Postel failed to provide adequate details to the Garante about the security measures it had implemented to mitigate the risk. This lack of cooperation further delayed investigations.
In addition to the hefty fine, the Garante has ordered Postel to conduct an in-depth vulnerability analysis and develop a comprehensive plan to detect and address future security risks, ensuring timely responses to any emerging threats. This case underscores the importance of maintaining robust cybersecurity protocols and compliance with data protection regulations to safeguard against future attacks.
Source: HDblog
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.