InfoCert, one of Italy’s leading providers of digital identity services, has confirmed a major data breach that exposed 5.5 million user records. The breach, which occurred in late December 2024, involved sensitive personal information such as 1.1 million phone numbers and 2.5 million email addresses. This incident has raised concerns about the security of third-party services and the potential risks to users’ private data.
The breach was traced back to an attack on a third-party supplier, rather than a direct compromise of InfoCert’s systems. This distinction is significant because it highlights the vulnerabilities that can arise from relying on external vendors for essential services. While InfoCert’s own systems, including user credentials for accessing its services, were not impacted, the exposed data still poses a significant risk to users, especially if it falls into the wrong hands.
On December 27, 2024, the stolen data was discovered being sold on a deep web forum for $1,500. This sale further underlines the growing threat of cybercrime targeting personal information, particularly when it is linked to essential services such as digital identity management. The stolen data could be used for various malicious purposes, including identity theft, phishing attacks, or fraud, leaving millions of users vulnerable.
In response to the breach, InfoCert has assured the public that it is working closely with law enforcement and cybersecurity experts to investigate the incident and mitigate its effects. While the breach is concerning, the company has emphasized that it did not involve a compromise of its core infrastructure or security protocols. Users are being advised to remain vigilant and take precautionary measures, such as changing passwords and monitoring accounts for unusual activity, to protect themselves from potential fallout.
