Massive 2.3 TB Leak: Italian Railway Contractor Almaviva Confirms Data Breach

A cyber incident at Almaviva, a key contractor for Italy’s national railway group FS Italiane, has resulted in a massive cache of internal documents appearing on the dark web. The scale of the leak immediately drew heightened scrutiny, as a multi-terabyte archive containing confidential materials was published online.

The source who uploaded the file to the dark web claimed to possess 2.3 terabytes of stolen data. The collection reportedly includes operational records and internal documentation from FS Italiane’s business activities.

Francesco Draghetti of D3Lab stated that the leaked materials include recent files, extending into the third quarter of 2025, and noted that the folder structure strongly resembles typical data dumps created by groups that combine network intrusions with the resale of stolen information. He added that the archive does not match any leaks from prior years, further reinforcing the likelihood of a fresh compromise.

FS Italiane oversees rail transport across Italy, managing infrastructure, logistics, and bus networks nationwide. Almaviva, which provides digital support to a wide range of clients, operates globally and offers services in IT development, systems integration, and consulting.

After an extended period of silence, Almaviva eventually confirmed the breach. The company told Italian media that monitoring systems had detected suspicious activity, after which the incident was isolated — though some files were nonetheless exfiltrated. Response procedures equivalent to those used for critical-severity incidents were activated to preserve the stability of core services.

According to company representatives, the police, the national cybersecurity agency, and the data protection authority have all been notified. The investigation remains ongoing with the involvement of government bodies, and the company has pledged to share subsequent findings. For now, it remains unclear whether passenger data was compromised or whether clients beyond FS Italiane have been affected.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy