Stolen Identities of Multiple Thousands of Tourists in Italy
Cyber Attack Compromises Identity Documents of 100,000 Hotel Guests in Italy
Italy has been the target of a cyber attack that breached the booking systems of at least ten hotels between June and August 2025, resulting in the theft of nearly 100,000 high-resolution scans of identity documents from hotel guests[1][2][3][4]. The Italian Digital Agency (AGID) has confirmed the breach and detected the illegal sale of these documents on dark web forums by a hacker known as “mydocs”[1][3][4].
Affected Hotels
Officially, the names of the affected hotels have not been publicly disclosed by Italian authorities[2][3][4]. However, cybersecurity experts have identified them as multiple hotels within Italy, including both luxury and city hotels[2][3]. One report mentions several Italian hotels and also one Spanish resort identified by a cybersecurity company, though authoritative confirmation is lacking[3].
Nationalities of the Guests Affected
Both Italian and foreign guests who stayed in these hotels are impacted, as the stolen identity documents belong to guests from various nationalities, not exclusively Italians[2]. The breach involved tens of thousands of scanned IDs from guests during check-in, implying a broad international impact due to Italy’s tourism diversity[1][2][3].
Impact and Response
Authorities warn that the stolen data could be used for identity theft, financial fraud, and social engineering attacks. Guests affected are advised to remain alert for phishing scams and contact hotels directly if they suspect their data was compromised[2][3][4]. The Italian Data Protection Authority is investigating the breach, urging hotels to secure data and notify customers[3].
One of the affected hotels is the four-star "Ca' dei Conti" hotel in Venice. The documents stolen are now being offered for sale in the darknet, priced between 800 and 10,000 euros[4].
Methods and Automation
The methods used by the hackers have not been disclosed publicly. However, it is worth noting that many hotels in Italy have automated digitization systems for these registration processes[4].
This incident serves as a reminder for hotels to prioritize data security and for travellers to be vigilant about the protection of their personal information.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4]
- The cybersecurity implications of the breach extend beyond Italy, as the stolen identity documents belonged to guests from various nationalities.
- The cyber attack on Italian hotels not only affected luxury hotels but also city hotels, as reported by cybersecurity experts.
- The breach highlighted the importance of General-News about technology and cybersecurity, as it underscored the need for hotels to prioritize cybersecurity to protect their guests' identity documents.
