Stolen Identities of Over Thirty Thousand Tourists in Italy
In a significant cybersecurity incident, a criminal hacker group known as Mydocs has infiltrated the booking systems of at least 10 Italian hotels, including one in Mallorca, Spain. The hack has resulted in the theft and sale of around 90,000 to 100,000 high-resolution scans of passports, ID cards, and other personal identification documents collected from guests during check-in.
The affected hotels, which include luxury and city hotels in locations such as Venice, Trieste, Capri, and Mallorca, have had sensitive data compromised. For instance, the four-star "Ca' dei Conti" hotel in Venice alone had about 38,000 documents stolen.
The types of personal data stolen consist mainly of high-resolution scans of passports, national ID cards, and other identity documents required upon hotel check-in. This data is highly sensitive and can be exploited for fraudulent activities, including the creation of false documents, opening bank accounts or lines of credit, social engineering attacks, and digital identity theft with serious legal and financial consequences for victims.
The stolen data is being sold on the Darknet in pixelated form at prices ranging from 800 to 10,000 euros or about $1,000 to $10,000 per record. Authorities, including the Italian Agency for Digital Italy (AgID), the national cybersecurity teams, and the Italian Data Protection Authority, are investigating the breach. They are urging affected hotels to warn guests and implement immediate data protections.
The breach covers data stolen from June to August 2023, with some uncertainty about how many years of data were compromised. The state agency for Digital Italy (Agid) reported the incident.
This cyberattack significantly endangers the privacy and financial security of thousands of hotel guests, both Italian and international. Guests must present identification documents at hotel check-in, which are usually copied at the reception and digitized using computer systems. The hacked hotels use computer systems for automated digitization of guest's identification documents.
The authorities are working diligently to contain the damage and protect the affected individuals. They encourage anyone who has stayed at the affected hotels during the relevant period to monitor their financial and personal information closely and to report any suspicious activity to the appropriate authorities.
Technology news outlets are reporting that the stolen data from the Mydocs cybersecurity incident, which affected at least 10 Italian hotels, is being sold on the Darknet, potentially posing a significant risk to the cybersecurity and general-news sectors. The stolen high-resolution scans of passports, ID cards, and other personal identification documents could lead to crime-and-justice issues such as fraudulent activities, identity theft, and social engineering attacks.
