Company Details
ferrovie-dello-stato-s-p-a
29,662
612,302
5612
fsitaliane.it
0
FER_2844107
In-progress

Ferrovie dello Stato Italiane S.p.A. Company CyberSecurity Posture
fsitaliane.it
Infrastructure, passenger transport, logistics, urban regeneration. United for Italy. #Untemponuovo
Between 650 and 699


Description: A cyberattack on **Almaviva**, an IT service provider for **FS Italiane Group** (Italy’s national railway operator), led to the exposure of sensitive internal documents, including personal data related to FS Italiane’s operations. The breach occurred due to an unauthorized actor exploiting vulnerabilities in Almaviva’s infrastructure, bypassing defenses and accessing downstream client systems. While no operational disruptions to railway services were reported, the incident compromised business-related documents, some containing personal data subject to GDPR. Investigations are ongoing to determine the full scope of exfiltrated data, with authorities (including Italy’s **ACN** and European regulators) assessing cross-border implications. The breach underscores third-party risks in critical infrastructure, prompting calls for stricter vendor controls and network segmentation. FS Italiane has intensified monitoring and third-party audits, while Almaviva is addressing vulnerabilities. The incident aligns with Italy’s push for enhanced cyber resilience under its **National Cybersecurity Perimeter law**, highlighting gaps in supply chain security for vital sectors like transport.
Description: The **FS Italiane Group**, Italy’s state-owned national railway operator, suffered a severe data breach after a threat actor compromised its IT services provider, **Almaviva**. The attacker exfiltrated **2.3 terabytes of sensitive data**, including **confidential documents, HR archives, accounting data, technical documentation, contracts with public entities, and complete datasets from multiple FS Group subsidiaries**. The leaked data, described as recent (Q3 2025), was structured in compressed archives by department, aligning with ransomware group tactics. While Almaviva confirmed the breach and isolated the attack, the exposure of **internal corporate, financial, and employee records**—along with potential **public entity contracts**—poses critical operational, reputational, and legal risks. Authorities, including Italy’s cybersecurity agency and data protection watchdog, are investigating. The breach’s scope remains unclear regarding **passenger data involvement** or broader client impact beyond FS, but the theft of **multi-company repositories and sensitive business intelligence** underscores systemic vulnerabilities in Italy’s critical infrastructure.
Description: The **FS Italiane Group**, Italy’s state-owned national railway operator, suffered a major data breach after a threat actor infiltrated its IT services provider, **Almaviva**. The attacker exfiltrated **2.3 TB of sensitive data**, including **confidential documents, technical documentation, HR archives, accounting data, contracts with public entities, and multi-company repositories** from FS Group subsidiaries. The leaked data, organized by department and company, spans recent documents from **Q3 2025** and aligns with the tactics of ransomware groups active in 2024–2025. While Almaviva confirmed the breach and isolated the attack, the full scope remains unclear—particularly whether **passenger data** or other clients beyond FS were compromised. Authorities, including Italy’s **national cybersecurity agency, police, and data protection authority**, are investigating. The breach risks **operational disruptions, financial losses, reputational damage, and potential regulatory penalties**, given FS Italiane’s critical role in managing **railway infrastructure, freight transport, and logistics chains** across Italy. The incident underscores vulnerabilities in third-party IT providers handling state-owned enterprise data.
Description: Ferrovie dello Stato Italiane (FS), Italy’s state-owned railway operator, suffered a massive data breach via its IT provider, Almaviva. A threat actor stole **2.3 TB of sensitive data**, including **FSE investment plans (2017–2035), internal/confidential documents, trade secrets, forensic reports, legal papers, financial/bank records, and defense-related contracts** (e.g., with the **Ministry of Defense, Aeronautica Militare, and Guardia di Finanza**). The breach also exposed **passengers’ personal data (including passport numbers)** and **detailed employee records** (full names, emails, phone numbers, job titles, salaries, and CID) across multiple FS subsidiaries (e.g., Trenitalia, Rete Ferroviaria Italiana, Mercitalia). The leaked data spans **recent fiscal, administrative, and operational documents up to Q3 2025**, indicating a fresh compromise. While Almaviva contained the attack and protected critical services, the scale of exposed data—covering **corporate, employee, customer, and defense-sensitive information**—poses severe risks for fraud, espionage, and operational disruption.


Ferrovie dello Stato Italiane S.p.A. has 166.67% more incidents than the average of same-industry companies with at least one recorded incident.
Ferrovie dello Stato Italiane S.p.A. has 212.5% more incidents than the average of all companies with at least one recorded incident.
Ferrovie dello Stato Italiane S.p.A. reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.
FDSIS cyber incidents detection timeline including parent company and subsidiaries



Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive...
Italy's state railway operator Ferrovie dello Stato SpA has temporarily halted in-station ticket sales after detecting signs of a cyber...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Ferrovie dello Stato Italiane S.p.A. is http://www.fsitaliane.it.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A.’s AI-generated cybersecurity score is 663, reflecting their Weak security posture.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. is not certified under SOC 2 Type 1.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. is not listed as GDPR compliant.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. does not currently maintain PCI DSS compliance.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. is not compliant with HIPAA regulations.
According to Rankiteo, Ferrovie dello Stato Italiane S.p.A. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Ferrovie dello Stato Italiane S.p.A. operates primarily in the Facilities Services industry.
Ferrovie dello Stato Italiane S.p.A. employs approximately 29,662 people worldwide.
Ferrovie dello Stato Italiane S.p.A. presently has no subsidiaries across any sectors.
Ferrovie dello Stato Italiane S.p.A.’s official LinkedIn profile has approximately 612,302 followers.
Ferrovie dello Stato Italiane S.p.A. is classified under the NAICS code 5612, which corresponds to Facilities Support Services.
No, Ferrovie dello Stato Italiane S.p.A. does not have a profile on Crunchbase.
Yes, Ferrovie dello Stato Italiane S.p.A. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/ferrovie-dello-stato-s-p-a.
As of December 04, 2025, Rankiteo reports that Ferrovie dello Stato Italiane S.p.A. has experienced 4 cybersecurity incidents.
Ferrovie dello Stato Italiane S.p.A. has an estimated 4,803 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from government agencies (police, national cybersecurity agency, data protection authority), ACN (Agenzia per la Cybersicurezza Nazionale), and European cybersecurity organizations; containment measures including isolation of affected systems, activation of specialized security procedures, isolation of critical railway systems, and network segmentation; remediation measures including third-party assessments and corrective actions by Almaviva; recovery measures including enhanced monitoring across FS Italiane’s networks; and a communication strategy including a public statement to local media, transparency promised for updates, transparent updates as the investigation progresses (per Almaviva's statement), prompt notification to authorities (Public Prosecutor’s Office, Postal Police, National Agency for Cybersecurity, Italian Data Protection Authority), coordination with partners and stakeholders, public disclosure via company notice, internal communications by FS Italiane, and public disclosure via ACN.
Title: Data Breach at Almaviva Affecting FS Italiane Group
Description: A threat actor breached Almaviva, the IT services provider for Italy's national railway operator FS Italiane Group, exposing 2.3 terabytes of sensitive data. The leaked data includes confidential documents, internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and complete datasets from several FS Group companies. The breach was confirmed by Almaviva, which stated it had activated security procedures and informed authorities. The investigation is ongoing, and it remains unclear if passenger information was compromised or if other Almaviva clients were affected.
Type: Data Breach
Title: Data Breach at Almaviva Affecting FS Italiane Group
Description: A threat actor breached Almaviva, the IT services provider for Italy's national railway operator FS Italiane Group, exposing 2.3 terabytes of sensitive data. The leaked data includes confidential documents, technical documentation, contracts, HR archives, accounting data, and datasets from FS Group companies. The breach was confirmed by Almaviva, and authorities have been notified. The investigation is ongoing.
Type: Data Breach
Title: Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
Description: Data belonging to Italy’s national railway operator Ferrovie dello Stato Italiane (FS) was leaked after a data breach at IT provider Almaviva. A threat actor claimed the theft of 2.3 TB of sensitive data, including internal documents, contracts, employee/passenger PII, financial records, and defense-related supplies. Almaviva detected and contained the attack, activating security procedures and notifying authorities while keeping critical services operational.
Date Publicly Disclosed: 2025-11-21
Type: Data Breach
Title: Cyberattack on Almaviva Exposes Sensitive FS Italiane Group Data
Description: A cyberattack targeting Almaviva, an Italian IT service provider, led to the exposure of sensitive internal documents and personal data belonging to FS Italiane Group, Italy’s national railway operator. The breach was discovered after Italy’s national cybersecurity agency (ACN) initiated an investigation into suspicious activity. While no operational disruptions to railway services were reported, the incident highlights third-party risks in critical infrastructure sectors. The attack vector is suspected to involve phishing or credential compromise, enabling lateral movement into sensitive systems. Investigations are ongoing to assess the full scope of data exposure and potential GDPR implications.
Type: Data Breach
Attack Vector: Phishing (suspected), Credential Compromise (suspected)
Vulnerability Exploited: Weaknesses in Almaviva’s infrastructure, Lack of segmentation between IT and operational systems
Common Attack Types: The most common type of attack the company has faced is Breach.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing (suspected), Credential compromise (suspected).

Data Compromised: Confidential documents, Internal shares, Multi-company repositories, Technical documentation, Contracts with public entities, HR archives, Accounting data, Complete datasets from FS Group companies
Systems Affected: Corporate systems of Almaviva
Brand Reputation Impact: Potential reputational damage to Almaviva and FS Italiane Group

Data Compromised: Confidential documents, Technical documentation, Contracts with public entities, HR archives, Accounting data, Complete datasets from FS Group companies
Systems Affected: Corporate systems of Almaviva
Brand Reputation Impact: Potential reputational damage to Almaviva and FS Italiane Group

Data Compromised: 2.3 TB
Systems Affected: Corporate systems of Almaviva
Operational Impact: None (critical services remained fully operational)
Brand Reputation Impact: High (sensitive data leak affecting national railway and defense-related entities)
Identity Theft Risk: High (passenger PII, employee data, and financial records exposed)
Payment Information Risk: High (bank documents and financial data compromised)

Data Compromised: Internal documents, Personal data (potentially GDPR-regulated)
Systems Affected: Almaviva’s IT systems, FS Italiane’s non-operational networks
Downtime: None (no operational disruptions reported)
Operational Impact: None (railway services unaffected)
Brand Reputation Impact: Potential reputational damage to Almaviva and FS Italiane
Legal Liabilities: Potential GDPR violations, Regulatory scrutiny
Identity Theft Risk: Possible (personal data exposed)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Confidential Documents, Internal Shares, Multi-Company Repositories, Technical Documentation, Contracts With Public Entities, HR Archives, Accounting Data, Complete Datasets From FS Group Companies, FSE Investment And Industrial Plans (2017–2035), Internal/Confidential Documents (Marked Uso Interno, Confidenziale, Esclusivo), Privileged Communications, Contracts/Agreements (Including NDAs And Defense-Related Contracts With Ministero Difesa, Aeronautica Militare), Project Documentation (e.g., Project Venus, Leonardo, Sipad), Codes And Trade Secrets, Forensic Reports, Legal/Court Papers, Financial/Bank Documents, Passenger Personal Data (Including Passport Numbers), Employee Data (Full Names, Email Addresses, Phone Numbers, Job Titles, Salaries, CID), Mercitalia Client Data, Priority Lists Of Defense-Related Supplies, Almaviva Contracts With Clients/Suppliers (e.g., Guardia Di Finanza, Carabinieri, Health Authorities), Tender Documents, Organizational Structures (e.g., Generali Italia S.p.A.), Rif Financial Documents, Technical Documents For Almaviva Projects, Fiscal, Administrative, And Operational Documents (Up To Q3 2025), Internal Business Documents and Personal Data.

Entity Name: Almaviva
Entity Type: IT Services Provider
Industry: Information Technology
Location: Italy (global operations)
Size: Over 41,000 employees, ~80 branches worldwide, $1.4 billion annual turnover (2024)
Customers Affected: FS Italiane Group (confirmed), Potentially other clients (unconfirmed)

Entity Name: FS Italiane Group
Entity Type: State-owned Railway Operator
Industry: Transportation (Railway, Bus, Logistics)
Location: Italy
Size: $18 billion annual revenue, one of Italy's largest industrial companies

Entity Name: Almaviva
Entity Type: IT Services Provider
Industry: Information Technology
Location: Italy (global operations)
Size: Over 41,000 employees, ~80 branches worldwide
Customers Affected: FS Italiane Group (confirmed), Potentially other clients (unconfirmed)

Entity Name: FS Italiane Group
Entity Type: State-owned Railway Operator
Industry: Transportation (Railway, Logistics)
Location: Italy
Size: Over $18 billion annual revenue
Customers Affected: Unclear if passenger data is included

Entity Name: Ferrovie dello Stato Italiane (FS)
Entity Type: State-owned railway operator
Industry: Transportation/Logistics
Location: Italy
Customers Affected: Millions (annual passengers)

Entity Name: AlmavivA
Entity Type: IT and digital services provider
Industry: Technology/Defense
Location: Italy (global operations)
Size: 41,000 employees (7,000 in Italy, 34,000 abroad)

Entity Name: Trenitalia
Entity Type: Subsidiary
Industry: Rail Transport
Location: Italy

Entity Name: Rete Ferroviaria Italiana (RFI)
Entity Type: Subsidiary
Industry: Rail Infrastructure
Location: Italy

Entity Name: MERCITALIA INTERMODAL S.p.A.
Entity Type: Subsidiary
Industry: Logistics
Location: Italy

Entity Name: GrandiStazioni Retail
Entity Type: Subsidiary
Industry: Retail
Location: Italy

Entity Name: MINISTERO DIFESA (Italian Ministry of Defense)
Entity Type: Government Agency
Industry: Defense
Location: Italy

Entity Name: AERONAUTICA MILITARE (Italian Air Force)
Entity Type: Military Branch
Industry: Defense
Location: Italy

Entity Name: General Guardia di Finanza
Entity Type: Law Enforcement
Industry: Public Security
Location: Italy

Entity Name: General Command of the Carabinieri
Entity Type: Law Enforcement
Industry: Public Security
Location: Italy

Entity Name: MINISTRY OF FOREIGN AFFAIRS AND INTERNATIONAL COOPERATION
Entity Type: Government Agency
Industry: Diplomacy
Location: Italy

Entity Name: Almaviva
Entity Type: IT Service Provider
Industry: Information Technology
Location: Italy

Entity Name: FS Italiane Group
Entity Type: National Railway Operator
Industry: Transportation (Critical Infrastructure)
Location: Italy

Incident Response Plan Activated: True
Third Party Assistance: Government Agencies (Police, National Cybersecurity Agency, Data Protection Authority).
Containment Measures: Isolation of affected systems
Communication Strategy: Public statement to local media, Transparency promised for updates

Incident Response Plan Activated: True
Third Party Assistance: Government Agencies (Police, National Cybersecurity Agency, Data Protection Authority).
Containment Measures: Isolation of affected systems
Communication Strategy: Transparent updates as investigation progresses (per Almaviva's statement)

Incident Response Plan Activated: True
Containment Measures: Isolation of affected systems, Activation of specialized security procedures
Communication Strategy: Prompt notification to authorities (Public Prosecutor’s Office, Postal Police, National Agency for Cybersecurity, Italian Data Protection Authority), Coordination with partners and stakeholders, Public disclosure via company notice

Incident Response Plan Activated: True
Third Party Assistance: ACN (Agenzia per la Cybersicurezza Nazionale), European Cybersecurity Organizations.
Containment Measures: Isolation of critical railway systems, Network segmentation
Remediation Measures: Third-party assessments, Corrective actions by Almaviva
Recovery Measures: Enhanced monitoring across FS Italiane’s networks
Communication Strategy: Internal communications by FS Italiane, Public disclosure via ACN
Network Segmentation: True
Third-Party Assistance: The company involves third-party assistance in incident response through government agencies (police, national cybersecurity agency, data protection authority), ACN (Agenzia per la Cybersicurezza Nazionale), and European cybersecurity organizations.

Type of Data Compromised: Confidential documents, Internal shares, Multi-company repositories, Technical documentation, Contracts with public entities, HR archives, Accounting data, Complete datasets from FS Group companies
Sensitivity of Data: High (includes confidential and sensitive company information)

Type of Data Compromised: Internal shares, Multi-company repositories, Technical documentation, Contracts with public entities, HR archives, Accounting data, Complete datasets from FS Group companies
Sensitivity of Data: High (confidential and sensitive company information)
Personally Identifiable Information: Unclear (potential inclusion of passenger data unconfirmed)

Type of Data Compromised: FSE investment and industrial plans (2017–2035), Internal/confidential documents (marked uso interno, confidenziale, esclusivo), Privileged communications, Contracts/agreements (including NDAs and defense-related contracts with Ministero Difesa, Aeronautica Militare), Project documentation (e.g., Project Venus, Leonardo, Sipad), Codes and trade secrets, Forensic reports, Legal/court papers, Financial/bank documents, Passenger personal data (including passport numbers), Employee data (full names, email addresses, phone numbers, job titles, salaries, CID), Mercitalia client data, Priority lists of defense-related supplies, Almaviva contracts with clients/suppliers (e.g., Guardia di Finanza, Carabinieri, health authorities), Tender documents, Organizational structures (e.g., Generali Italia S.p.A.), Rif financial documents, Technical documents for Almaviva projects, Fiscal, administrative, and operational documents (up to Q3 2025)
Sensitivity of Data: Extremely High (includes PII, defense contracts, trade secrets, and financial records)
Personally Identifiable Information: Passenger data (passport numbers), Employee data (names, emails, phone numbers, job titles, salaries, CID)

Type of Data Compromised: Internal business documents, Personal data
Sensitivity of Data: High (includes personal and operational data)
Data Exfiltration: Suspected (under investigation)
File Types Exposed: Documents
Personally Identifiable Information: Yes (confirmed)
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: third-party assessments and corrective actions by Almaviva.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through isolation of affected systems, activation of specialized security procedures, isolation of critical railway systems, and network segmentation.

Data Exfiltration: True

Data Exfiltration: True

Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through enhanced monitoring across FS Italiane’s networks.

Regulatory Notifications: Italian police, National cybersecurity agency, Data protection authority

Regulatory Notifications: Italian police, National cybersecurity agency, Data protection authority

Regulatory Notifications: Public Prosecutor’s Office, Postal Police, National Agency for Cybersecurity, Italian Data Protection Authority

Regulations Violated: Potential GDPR violations
Regulatory Notifications: Data protection agencies notified, ACN investigation ongoing

Lessons Learned: Third-party vendors must apply stringent cybersecurity controls when accessing sensitive data. Critical infrastructure operators should implement network segmentation to protect operational technology from IT-side breaches. Swift breach notification and incident response are critical for GDPR compliance in third-party breaches. Continuous reassessment of vendor exposure and third-party risk management is essential.

Recommendations: Enhance vendor cybersecurity audits and contractual obligations for data protection. Implement stricter access controls and monitoring for third-party service providers. Adopt zero-trust architecture to limit lateral movement in case of breaches. Participate in intelligence-sharing initiatives to improve threat detection and response. Comply with Italy’s National Cybersecurity Perimeter law for critical infrastructure protection.
Key Lessons Learned: The key lessons learned from past incidents are: Third-party vendors must apply stringent cybersecurity controls when accessing sensitive data. Critical infrastructure operators should implement network segmentation to protect operational technology from IT-side breaches. Swift breach notification and incident response are critical for GDPR compliance in third-party breaches. Continuous reassessment of vendor exposure and third-party risk management is essential.

Source: BleepingComputer

Source: Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab

Source: Almaviva public statement (via local media)

Source: BleepingComputer

Source: Andrea Draghetti (Head of Cyber Threat Intelligence, D3Lab)

Source: Almaviva's statement to local media

Source: SecurityAffairs
URL: https://securityaffairs.com
Date Accessed: 2025-11-21

Source: ACN (Agenzia per la Cybersicurezza Nazionale)

Source: FS Italiane Group Internal Communication
Additional Resources: BleepingComputer; Andrea Draghetti (Head of Cyber Threat Intelligence, D3Lab); Almaviva's statement to local media; SecurityAffairs (https://securityaffairs.com, accessed 2025-11-21); ACN (Agenzia per la Cybersicurezza Nazionale); FS Italiane Group internal communication.

Investigation Status: Ongoing (with government agency assistance)

Investigation Status: Ongoing (with government agency assistance)

Investigation Status: Ongoing (close coordination with authorities; technical details not disclosed)

Investigation Status: Ongoing (ACN-led investigation, third-party assessments in progress)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through a public statement to local media, transparency promised for updates, transparent updates as the investigation progresses (per Almaviva's statement), prompt notification to authorities (Public Prosecutor’s Office, Postal Police, National Agency for Cybersecurity, Italian Data Protection Authority), coordination with partners and stakeholders, public disclosure via company notice, internal communications by FS Italiane, and public disclosure via ACN.

Stakeholder Advisories: Authorities, partners, and relevant stakeholders were promptly informed.

Stakeholder Advisories: FS Italiane and Almaviva are coordinating with regulators and stakeholders.
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: authorities, partners, and relevant stakeholders were promptly informed; FS Italiane and Almaviva are coordinating with regulators and stakeholders.

High Value Targets: FS Italiane Group Data, Multi-Company Repositories
Data Sold on Dark Web: FS Italiane Group Data, Multi-Company Repositories

High Value Targets: Defense Contracts, Employee/Financial Data, Trade Secrets
Data Sold on Dark Web: Defense Contracts, Employee/Financial Data, Trade Secrets

Entry Point: Phishing (Suspected), Credential Compromise (Suspected)
High Value Targets: FS Italiane’s Internal Documents and Personal Data
Data Sold on Dark Web: FS Italiane’s Internal Documents and Personal Data

Root Causes: Weaknesses in Almaviva’s infrastructure defenses; potential lack of segmentation between IT and operational networks; possible phishing or credential compromise enabling lateral movement.
Corrective Actions: Almaviva implementing corrective measures to mitigate vulnerabilities; FS Italiane enhancing network monitoring and third-party assessments; collaboration with ACN and European regulators for cross-border implications.
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as involving government agencies (police, national cybersecurity agency, data protection authority), ACN (Agenzia per la Cybersicurezza Nazionale), and European cybersecurity organizations.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Almaviva implementing corrective measures to mitigate vulnerabilities; FS Italiane enhancing network monitoring and third-party assessments; collaboration with ACN and European regulators for cross-border implications.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-21.
Most Significant Data Compromised: The most significant data compromised in an incident were confidential documents, internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, complete datasets from FS Group companies, 2.3 TB of data, internal documents, and personal data (potentially GDPR-regulated).
Most Significant System Affected: The most significant systems affected in an incident were the corporate systems of Almaviva, Almaviva’s IT systems, and FS Italiane’s non-operational networks.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was government agencies (police, national cybersecurity agency, data protection authority), ACN (Agenzia per la Cybersicurezza Nazionale), and European cybersecurity organizations.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were isolation of affected systems, activation of specialized security procedures, isolation of critical railway systems, and network segmentation.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Confidential documents, 2.3 TB, Personal data (potentially GDPR-regulated), Multi-company repositories, Internal documents, Internal shares, Complete datasets from FS Group companies, HR archives, Contracts with public entities, Technical documentation and Accounting data.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Continuous reassessment of vendor exposure and third-party risk management is essential.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: participate in intelligence-sharing initiatives to improve threat detection and response; adopt zero-trust architecture to limit lateral movement in case of breaches; implement stricter access controls and monitoring for third-party service providers; enhance vendor cybersecurity audits and contractual obligations for data protection; and comply with Italy’s National Cybersecurity Perimeter law for critical infrastructure protection.
Most Recent Source: The most recent sources of information about an incident are ACN (Agenzia per la Cybersicurezza Nazionale), Almaviva's public statement (via local media), FS Italiane Group Internal Communication, BleepingComputer, Andrea Draghetti (Head of Cyber Threat Intelligence at D3Lab), and SecurityAffairs.
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://securityaffairs.com.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (with government agency assistance).
Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: authorities, partners, and relevant stakeholders were promptly informed; FS Italiane and Almaviva are coordinating with regulators and stakeholders.
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via a crafted body of a POST request.
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
