Vacationer identity data of thousands stolen in Italy - Stolen Identities of Over 50,000 Tourists in Italy Revealed
In a concerning turn of events, a cybercriminal group named "mydocs" has stolen the personal data of tens of thousands of tourists from at least ten Italian hotels between June and August 2025. The stolen data includes high-resolution scans of passports, ID cards, and other identification documents [1][3][4][5].
Affected Hotels
Several high-end and notable hotels have been targeted in this incident. Among them are the Ca' dei Conti hotel in Venice (approx. 38,000 documents stolen), Casa Dorita hotel in Milano Marittima (about 2,300 documents), Regina Isabella hotel in Ischia (about 30,000 documents), and Hotel Continentale in Trieste (around 17,000 documents) [1][2][4].
Victims' Nationalities
While primarily Italian guests are affected, as the hotels are in Italy, foreign guests have also been affected. German nationals have been confirmed among the victims, based on direct reports [2][4].
Price of Stolen Data
The stolen identity documents are being sold on dark web forums at prices ranging roughly from 50 cents per copy to several thousand euros, depending on the package. Prices from €800 to €10,000 have been reported for bundles [1][2][4].
Ongoing Investigations and Official Responses
Italy's Agency for Digital Italy (AgID) and its cybersecurity team CERT-AGID are investigating the breach and have verified the authenticity of the stolen data [3][5]. The Italian Data Protection Authority (DPA) has launched its own inquiry and urged hotels to strengthen data protection and notify customers [3].
Authorities warn victims of risks including fraudulent document creation, opening of bank accounts, social engineering, and digital identity theft with severe financial and legal consequences [3][4][5]. Guests are advised to contact the hotels where they stayed and remain vigilant against scams using their personal information [4].
No public detailed official listing of all affected hotels, beyond the few identified by cybersecurity firms and media, has been released as investigations continue [3][5].
Risks and Consequences
The theft of such sensitive information poses a significant risk, with potential consequences including identity theft and fraud. The stolen data required for check-in could be used for various malicious activities, such as creating false documents, opening bank accounts, and engaging in social engineering [3][4][5].
This incident underscores the vulnerability of personal data in the digital age, particularly in the hospitality industry, and highlights the need for hotels to prioritise data security measures to protect their guests' information.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4] [5] [Source 5]
- The community is urgently calling for a revised community policy and improvement in the hotels' employment policies to address the lapses in data protection, particularly in the face of the recent cybersecurity breach affecting several Italian hotels.
- As technology advances, it is crucial for these hotels to implement stringent technology-focused measures in their employment policies, including regular training programs on cybersecurity threats and best practices, to deliver better protection for their clients' personal data.
