Overview

• The Garante per la privacy has initiated emergency safeguard measures and is auditing hotels that reported the theft of over 70,000 identity scans collected between June and July.
• The Agenzia per l’Italia Digitale alerted authorities on August 6 and updated its findings on August 8 and 11, confirming the large-scale exfiltration by the Mydocs cybercriminal group.
• Attackers listed more than 70,000 high-resolution scans of passports and ID cards from at least four Italian hotels and one Spanish property on dark-web forums.
• The Polizia Postale is investigating the breach, with affected hotels such as Regina Isabella in Ischia cooperating with law enforcement and tightening their cybersecurity controls.
• Experts warn that stolen identity scans can be used for forged documents, fraudulent bank accounts, and social-engineering schemes, and recommend guests monitor for suspicious activity.