Trenitalia: hacker attack on some customer data
Trenitalia states, however, that “no account login details, personal credentials or payment information (such as card number, expiry date or security code) were compromised”
In October 2025, Trenitalia detected an attempted cyber-attack carried out by unidentified external parties. The incident resulted in “access to some personal data belonging to a proportion of its passengers”. The incident concerned “exclusively certain data associated with travel tickets”. No payment details, account login credentials or credit or debit card information (card number, expiry date and security code) were compromised. This has been announced by Trenitalia.
Trenitalia “immediately implemented all necessary security measures”. It was only once the technical checks had been completed that it was possible to proceed with the individual notifications required by current legislation. Trenitalia has notified the Italian Data Protection Authority and the relevant bodies of the incident, as well as lodging a complaint with the Public Prosecutor’s Office at the Court of Rome, whilst cooperating fully with the authorities.

