FDSIS A.I CyberSecurity Scoring
FDSIS
Company Information
Website:http://www.fsitaliane.it
Employees number:28,076
Number of followers:691,175
NAICS:5612
Industry Type:Facilities Services
Homepage:fsitaliane.it
FDSIS Risk Score (AI oriented)
Between 650 and 699
FDSISFacilities Services
Updated:
01/04/2026
01/04/2026
673/1000
Weak
B
FDSIS Global Score (TPRM)
xxxx
FDSISFacilities Services
Score locked

FDSISWeak
Current Score
673B (WEAK)
01000
4 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
682
JUNE 2026
680
MAY 2026
676
APRIL 2026
675
MARCH 2026
671
FEBRUARY 2026
670
JANUARY 2026
668
DECEMBER 2025
664
NOVEMBER 2025
711
Breach
21 Nov 2025 • FDSIS
FS Italiane Group
Cyberattack on Almaviva Exposes Sensitive FS Italiane Group Data
663
CRITICAL-48
FER1992519112125
A cyberattack on Almaviva, an IT service provider for FS Italiane Group (Italy’s national railway operator), led to the exposure of sensitive internal documents, including personal data related to FS Italiane’s operations. The breach occurred due to an unauthorized actor exploiting vulnerabilities in Almaviva’s infrastructure, bypassing defenses and accessing downstream client systems. While no operational disruptions to railway services were reported, the incident compromised business-related documents, some containing personal data subject to GDPR. Investigations are ongoing to determine the full scope of exfiltrated data, with authorities (including Italy’s ACN and European regulators) assessing cross-border implications. The breach underscores third-party risks in critical infrastructure, prompting calls for stricter vendor controls and network segmentation. FS Italiane has intensified monitoring and third-party audits, while Almaviva is addressing vulnerabilities. The incident aligns with Italy’s push for enhanced cyber resilience under its National Cybersecurity Perimeter law, highlighting gaps in supply chain security for vital sectors like transport.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
710
SEPTEMBER 2025
708
AUGUST 2025
707
JUNE 2025
751
Breach
16 Jun 2025 • FDSIS
FS Italiane Group
Data Breach at Almaviva Affecting FS Italiane Group
702
CRITICAL-49
FER2502325112125
The FS Italiane Group, Italy’s state-owned national railway operator, suffered a severe data breach after a threat actor compromised its IT services provider, Almaviva. The attacker exfiltrated 2.3 terabytes of sensitive data, including confidential documents, HR archives, accounting data, technical documentation, contracts with public entities, and complete datasets from multiple FS Group subsidiaries. The leaked data, described as recent (Q3 2025), was structured in compressed archives by department, aligning with ransomware group tactics. While Almaviva confirmed the breach and isolated the attack, the exposure of internal corporate, financial, and employee records—along with potential public entity contracts—poses critical operational, reputational, and legal risks. Authorities, including Italy’s cybersecurity agency and data protection watchdog, are investigating. The breach’s scope remains unclear regarding passenger data involvement or broader client impact beyond FS, but the theft of multi-company repositories and sensitive business intelligence underscores systemic vulnerabilities in Italy’s critical infrastructure.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
791
Breach
16 Jun 2024 • FDSIS
FS Italiane Group
Data Breach at Almaviva Affecting FS Italiane Group
739
CRITICAL-52
FER0933509112125
The FS Italiane Group, Italy’s state-owned national railway operator, suffered a major data breach after a threat actor infiltrated its IT services provider, Almaviva. The attacker exfiltrated 2.3 TB of sensitive data, including confidential documents, technical documentation, HR archives, accounting data, contracts with public entities, and multi-company repositories from FS Group subsidiaries. The leaked data, organized by department and company, spans recent documents from Q3 2025 and aligns with the tactics of ransomware groups active in 2024–2025.While Almaviva confirmed the breach and isolated the attack, the full scope remains unclear—particularly whether passenger data or other clients beyond FS were compromised. Authorities, including Italy’s national cybersecurity agency, police, and data protection authority, are investigating. The breach risks operational disruptions, financial losses, reputational damage, and potential regulatory penalties, given FS Italiane’s critical role in managing railway infrastructure, freight transport, and logistics chains across Italy. The incident underscores vulnerabilities in third-party IT providers handling state-owned enterprise data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2017
801
Breach
16 Jun 2017 • FDSIS
Ferrovie dello Stato Italiane (FS)
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
749
CRITICAL-52
FER4392043112125
Ferrovie dello Stato Italiane (FS), Italy’s state-owned railway operator, suffered a massive data breach via its IT provider, Almaviva. A threat actor stole 2.3 TB of sensitive data, including FSE investment plans (2017–2035), internal/confidential documents, trade secrets, forensic reports, legal papers, financial/bank records, and defense-related contracts (e.g., with the Ministry of Defense, Aeronautica Militare, and Guardia di Finanza). The breach also exposed passengers’ personal data (including passport numbers) and detailed employee records (full names, emails, phone numbers, job titles, salaries, and CID) across multiple FS subsidiaries (e.g., Trenitalia, Rete Ferroviaria Italiana, Mercitalia). The leaked data spans recent fiscal, administrative, and operational documents up to Q3 2025, indicating a fresh compromise. While Almaviva contained the attack and protected critical services, the scale of exposed data—covering corporate, employee, customer, and defense-sensitive information—poses severe risks for fraud, espionage, and operational disruption.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for FDSIS ??
What was FDSIS's A.I Rankiteo Cyber Score in June 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in May 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in April 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in March 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in February 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in January 2026 ??
What was FDSIS's A.I Rankiteo Cyber Score in December 2025 ??
What was FDSIS's A.I Rankiteo Cyber Score in November 2025 ??
What was FDSIS's A.I Rankiteo Cyber Score in October 2025 ??
What was FDSIS's A.I Rankiteo Cyber Score in September 2025 ??
What was FDSIS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on FDSIS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with FDSIS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view FDSIS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?