The breach originated from a third-party customer support service rather than InfoCert’s core systems. InfoCert has assured users that no credentials or passwords for its services (such as SPID access, certified email, or digital signatures) have been compromised. However, the exposed data could be exploited for phishing attacks, where cybercriminals use stolen contact details to deceive users into providing sensitive information, such as passwords.
The attack was detected on December 27, the same day the stolen data was listed for sale on BreachForums. The data reportedly includes 1.1 million phone numbers and 2.5 million email addresses. InfoCert has collaborated with its vendor to mitigate the breach and has notified relevant authorities.
SPID, a cornerstone of digital identity in Italy, allows users to access government services securely. InfoCert, a major SPID provider and a certified Qualified Trust Service Provider under European eIDAS regulations, has emphasized its commitment to user security while addressing vulnerabilities linked to third-party services.
The incident highlights the growing risks posed by supply chain attacks and reinforces the importance of vigilance against phishing schemes. InfoCert advises users to remain cautious and verify any suspicious emails or messages they receive.
Source: Corriere della Sera
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.