teiss – News – Trenitalia notifies customers of cybersecurity breach exposing personal information
teiss – News – Trenitalia notifies customers of cybersecurity breach exposing personal information
Publish Date: 2026-07-02 06:31:00
Source Domain: www.teiss.co.uk
Using an unordered list, summarize the following article with between 4 and 8 key points. Italian state-owned rail operator Trenitalia has notified customers of a cybersecurity incident that exposed a substantial amount of personal information, including names, contact details, travel information and loyalty card numbers.
The company emailed potentially affected customers on June 26 to inform them that cybercriminals may have accessed a range of personal data. The exposed information may include customers’ names, surnames, dates of birth, addresses, email addresses, phone numbers, travel details, loyalty card numbers, professional information and identification details.
Trenitalia said payment information and account login credentials were not compromised in the incident.
The company has notified the Italian Data Protection Authority and Italy’s national Computer Security Incident Response Team of the breach. It has also filed a complaint with the Rome Public Prosecutor’s Office. The identity of the attackers has not been determined, and the company has not issued a public statement about the incident.
The breach was first detected in October 2025. Reports indicate customers’ personal data may have been exposed on the dark web for several months. It remains unclear whether the stolen information has been misused.
In its notification to customers, Trenitalia said identifying those affected required extensive technical and security investigations. The company said its information technology teams reconstructed unauthorized access in detail before determining which customers had been impacted and sending notifications.
Under Italian law, organizations must notify the relevant authorities, including the Data Protection Authority, within 72 hours of becoming aware of a personal data breach.