Italy

Italy Fines WINDTRE €1.7 Million After Data Breaches Expose Customer Information

Italy’s data protection authority has fined telecom operator WINDTRE €1.7 million ($1.94 million) after identifying major weaknesses in the company’s cybersecurity systems that led to two unauthorized data breaches.

The breaches exposed personal information belonging to more than 365,000 customers, including contact details and, in some cases, payment-related information.

Hackers Posed as Support Technicians

According to the Italian regulator, the investigation began after WINDTRE notified authorities of the incidents in February 2025. The company is owned by CK Hutchison Holdings.

Investigators found that attackers gained access to corporate systems by impersonating support technicians and exploiting employees at two retail locations. The regulator said the incident highlighted significant shortcomings in the company’s access control procedures.

Payment Information Also Affected

The compromised data included customer names, contact details, and financial information. Authorities said 41,359 customers had payment-related data exposed, including:

  • Bank account details
  • Partially obscured credit card numbers
  • Credit card expiration dates

Although some payment information was masked, the regulator said the exposure still represented a serious security risk.

Key Findings From the Investigation

The data protection authority said WINDTRE failed to properly manage access credentials and digital certificates. It also found that the company’s security assessments were not thorough enough to detect vulnerabilities that should have been identified before the breaches occurred.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *