The government of Italy was hit with a major cyberattack, violating data privacy by exposing thousands of Italian certified email accounts, including around 9,000 magistrates, as well as members of a top inter-governmental security agency.
“This was the worst attack we have had since January this year and it has had important repercussions, but … the situation is under control,” said Roberto Baldoni, who is in charge of state cybersecurity, according to Reuters.
The attack — launched on November 12 — targeted a server near Rome which handles certified email accounts for the public administration. Cybercriminals could have gained access to data from around 500,000 accounts. However, it is unknown which accounts have been breached.
“The only thing we know for sure is that this attack was not launched from Italy,” Baldoni said.
As a result of the breach, the IT system used by Italy’s appeals courts was suspended and Italians with certified email accounts have been asked to change their passwords immediately.
“It was a serious attack, even if, at first sight, it didn’t seem too refined from a technical perspective,” Baldoni said.
Italy is certainly not the only country dealing with cybersecurity issues. In fact, the U.S. Securities and Exchange Commission (SEC) recently issued a stern warning to public companies: tighten cybersecurity controls or risk being in violation of federal law.
The regulator issued a report based on the SEC Enforcement Division’s investigations of nine public companies that lost millions of dollars as the result of cyber fraud. The companies, which each had securities listed on a national stock exchange, were in sectors including technology, machinery, real estate, energy, financial, and consumer goods.
“Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies,” SEC Chairman Jay Clayton said. “Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats.”