Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Ferrovie dello Stato Italiane S.p.A.

Ferrovie dello Stato Italiane S.p.A. Vendor Cyber Rating & Cyber Score

fsitaliane.it

Infrastructure, passenger transport, logistics, urban regeneration. United for Italy. #Untemponuovo


FDSIS A.I CyberSecurity Scoring

FDSIS
Company Information
Website:http://www.fsitaliane.it
Employees number:28,076
Number of followers:691,175
NAICS:5612
Industry Type:Facilities Services
Homepage:fsitaliane.it
FDSIS Risk Score (AI oriented)
Between 650 and 699
logo
FDSISFacilities Services
Updated:
01/04/2026
673/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
FDSIS Global Score (TPRM)
xxxx
logo
FDSISFacilities Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

FDSIS
FDSISWeak
Current Score
673B (WEAK)
01000
4 incidents
-48 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
682Before Incident
JUNE 2026
680Before Incident
MAY 2026
676Before Incident
APRIL 2026
675Before Incident
MARCH 2026
671Before Incident
FEBRUARY 2026
670Before Incident
JANUARY 2026
668Before Incident
DECEMBER 2025
664Before Incident
NOVEMBER 2025
711Before Incident
Breach
21 Nov 2025FDSIS
FS Italiane Group

Cyberattack on Almaviva Exposes Sensitive FS Italiane Group Data

663After Incident
CRITICAL-48
FER1992519112125
A cyberattack on Almaviva, an IT service provider for FS Italiane Group (Italy’s national railway operator), led to the exposure of sensitive internal documents, including personal data related to FS Italiane’s operations. The breach occurred due to an unauthorized actor exploiting vulnerabilities in Almaviva’s infrastructure, bypassing defenses and accessing downstream client systems. While no operational disruptions to railway services were reported, the incident compromised business-related documents, some containing personal data subject to GDPR. Investigations are ongoing to determine the full scope of exfiltrated data, with authorities (including Italy’s ACN and European regulators) assessing cross-border implications. The breach underscores third-party risks in critical infrastructure, prompting calls for stricter vendor controls and network segmentation. FS Italiane has intensified monitoring and third-party audits, while Almaviva is addressing vulnerabilities. The incident aligns with Italy’s push for enhanced cyber resilience under its National Cybersecurity Perimeter law, highlighting gaps in supply chain security for vital sectors like transport.
INCIDENT DETAILS -
TYPE
Data BreachThird-Party Compromise
IMPACT
Internal documentsPersonal data (potentially GDPR-regulated)Almaviva’s IT systemsFS Italiane’s non-operational networksDowntime: None (no operational disruptions reported)Operational Impact: None (railway services unaffected)Brand Reputation Impact: Potential reputational damage to Almaviva and FS ItalianePotential GDPR violationsRegulatory scrutinyIdentity Theft Risk: Possible (personal data exposed)
DATA BREACH
Internal business documentsPersonal dataSensitivity Of Data: High (includes personal and operational data)Data Exfiltration: Suspected (under investigation)DocumentsPersonally Identifiable Information: Yes (confirmed)
OCTOBER 2025
710Before Incident
SEPTEMBER 2025
708Before Incident
AUGUST 2025
707Before Incident
JUNE 2025
751Before Incident
Breach
16 Jun 2025FDSIS
FS Italiane Group

Data Breach at Almaviva Affecting FS Italiane Group

702After Incident
CRITICAL-49
FER2502325112125
The FS Italiane Group, Italy’s state-owned national railway operator, suffered a severe data breach after a threat actor compromised its IT services provider, Almaviva. The attacker exfiltrated 2.3 terabytes of sensitive data, including confidential documents, HR archives, accounting data, technical documentation, contracts with public entities, and complete datasets from multiple FS Group subsidiaries. The leaked data, described as recent (Q3 2025), was structured in compressed archives by department, aligning with ransomware group tactics. While Almaviva confirmed the breach and isolated the attack, the exposure of internal corporate, financial, and employee records—along with potential public entity contracts—poses critical operational, reputational, and legal risks. Authorities, including Italy’s cybersecurity agency and data protection watchdog, are investigating. The breach’s scope remains unclear regarding passenger data involvement or broader client impact beyond FS, but the theft of multi-company repositories and sensitive business intelligence underscores systemic vulnerabilities in Italy’s critical infrastructure.
INCIDENT DETAILS -
TYPE
Data BreachCyberattack
IMPACT
Confidential documentsInternal sharesMulti-company repositoriesTechnical documentationContracts with public entitiesHR archivesAccounting dataComplete datasets from FS Group companiesCorporate systems of AlmavivaBrand Reputation Impact: Potential reputational damage to Almaviva and FS Italiane Group
DATA BREACH
Confidential documentsInternal sharesMulti-company repositoriesTechnical documentationContracts with public entitiesHR archivesAccounting dataComplete datasets from FS Group companiesSensitivity Of Data: High (includes confidential and sensitive company information)
JUNE 2024
791Before Incident
Breach
16 Jun 2024FDSIS
FS Italiane Group

Data Breach at Almaviva Affecting FS Italiane Group

739After Incident
CRITICAL-52
FER0933509112125
The FS Italiane Group, Italy’s state-owned national railway operator, suffered a major data breach after a threat actor infiltrated its IT services provider, Almaviva. The attacker exfiltrated 2.3 TB of sensitive data, including confidential documents, technical documentation, HR archives, accounting data, contracts with public entities, and multi-company repositories from FS Group subsidiaries. The leaked data, organized by department and company, spans recent documents from Q3 2025 and aligns with the tactics of ransomware groups active in 2024–2025.While Almaviva confirmed the breach and isolated the attack, the full scope remains unclear—particularly whether passenger data or other clients beyond FS were compromised. Authorities, including Italy’s national cybersecurity agency, police, and data protection authority, are investigating. The breach risks operational disruptions, financial losses, reputational damage, and potential regulatory penalties, given FS Italiane’s critical role in managing railway infrastructure, freight transport, and logistics chains across Italy. The incident underscores vulnerabilities in third-party IT providers handling state-owned enterprise data.
INCIDENT DETAILS -
TYPE
Data BreachCyberattack
IMPACT
Confidential documentsTechnical documentationContracts with public entitiesHR archivesAccounting dataComplete datasets from FS Group companiesCorporate systems of AlmavivaBrand Reputation Impact: Potential reputational damage to Almaviva and FS Italiane Group
DATA BREACH
Internal sharesMulti-company repositoriesTechnical documentationContracts with public entitiesHR archivesAccounting dataComplete datasets from FS Group companiesSensitivity Of Data: High (confidential and sensitive company information)Personally Identifiable Information: Unclear (potential inclusion of passenger data unconfirmed)
JUNE 2017
801Before Incident
Breach
16 Jun 2017FDSIS
Ferrovie dello Stato Italiane (FS)

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

749After Incident
CRITICAL-52
FER4392043112125
Ferrovie dello Stato Italiane (FS), Italy’s state-owned railway operator, suffered a massive data breach via its IT provider, Almaviva. A threat actor stole 2.3 TB of sensitive data, including FSE investment plans (2017–2035), internal/confidential documents, trade secrets, forensic reports, legal papers, financial/bank records, and defense-related contracts (e.g., with the Ministry of Defense, Aeronautica Militare, and Guardia di Finanza). The breach also exposed passengers’ personal data (including passport numbers) and detailed employee records (full names, emails, phone numbers, job titles, salaries, and CID) across multiple FS subsidiaries (e.g., Trenitalia, Rete Ferroviaria Italiana, Mercitalia). The leaked data spans recent fiscal, administrative, and operational documents up to Q3 2025, indicating a fresh compromise. While Almaviva contained the attack and protected critical services, the scale of exposed data—covering corporate, employee, customer, and defense-sensitive information—poses severe risks for fraud, espionage, and operational disruption.
INCIDENT DETAILS -
TYPE
Data BreachData LeakCyberattack
IMPACT
Data Compromised: 2.3 TBCorporate systems of AlmavivaOperational Impact: None (critical services remained fully operational)Brand Reputation Impact: High (sensitive data leak affecting national railway and defense-related entities)Identity Theft Risk: High (passenger PII, employee data, and financial records exposed)Payment Information Risk: High (bank documents and financial data compromised)
DATA BREACH
FSE Investment and Industrial Plans (2017–2035)Internal/confidential documents (marked USO INTERNO, CONFIDENZIALE, ESCLUSIVO)Privileged communicationsContracts/agreements (including NDAs and defense-related contracts with MINISTERO DIFESA, AERONAUTICA MILITARE)Project documentation (e.g., Project Venus, Leonardo, SIPAD)Codes and trade secretsForensic reportsLegal/court papersFinancial/bank documentsPassenger personal data (including passport numbers)Employee data (full names, email addresses, phone numbers, job titles, salaries, CID)Mercitalia client dataPriority lists of defense-related suppliesAlmaviva contracts with clients/suppliers (e.g., Guardia di Finanza, Carabinieri, health authorities)Tender documentsOrganizational structures (e.g., GENERALI ITALIA S.p.A.)RIF financial documentsTechnical documents for Almaviva projectsFiscal, administrative, and operational documents (up to Q3 2025)Sensitivity Of Data: Extremely High (includes PII, defense contracts, trade secrets, and financial records)Passenger data (passport numbers)Employee data (names, emails, phone numbers, job titles, salaries, CID)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for FDSIS ?
?
What was FDSIS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was FDSIS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on FDSIS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with FDSIS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view FDSIS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Ferrovie dello Stato Italiane S.p.A. Cyber Scoring History | Rankiteo