Author of the large-scale illicit activity is the cybercriminal group 'Mydocs', which then put the material up for sale on a dark web forum
They targeted four-star hotels across Italy to hack thousands of identification documents: high-resolution scans of passports and identity cards were taken from unsuspecting guests during check-in.
The author of the large-scale illicit activity is the cybercriminal group 'Mydocs', which then put the material up for sale on a dark web forum.
The illicit activity began last June. Over the past weekend - according to the findings of the Agenzia per l'Italia Digitale (AgID) - the cyberpirate group published new posts announcing that it had put more than 70,000 'exfiltrated' documents from four different Italian hotels up for sale on the digital platform.
Among the facilities hit by the cyber blitz was the Ca' dei Conti hotel in Venice, from which 38,000 images were allegedly stolen in July.
Other data thefts allegedly took place at the hotels Casa Dorita in Milano Marittima (2,300 documents), Regina Isabella in Ischia (30,000) and Hotel Continentale in Trieste (17,000).
Documents were put on the net and, in some cases, the faces of the real owners were blurred with pixels. The cyber criminals also set a kind of price list, with figures ranging from 800 to 10,000 euro.
The AgID report dates back to 6 August, and the Postal Police is also working on the case. The Agency explains that personal documents can 'represent a very valuable asset' for criminal organisations operating on the web.
The documents that end up on the 'market' can, in fact, be used for different types of fraud: 'Creation of false documents,' AgID explains, 'based on real identities, opening fraudulent bank accounts or credit lines, but also for so-called social engineering activities, aimed at targeting victims or their personal and professional circles.
In the light of these attacks, which target accommodation facilities even of the highest level as demonstrated by the latest cyber incursions, the Agency states that it is 'fundamental' for those who collect and manage identity documents to 'adopt strict measures for the protection and security of information, ensuring not only the correct processing of data, but also the safeguarding of their systems and digital portals from unauthorised access'.
Loading...
Brand connect
Loading...