{"id":1680,"date":"2026-02-13T16:11:42","date_gmt":"2026-02-13T15:11:42","guid":{"rendered":"https:\/\/www.sofinter.it\/en\/?p=1680"},"modified":"2026-03-26T16:59:32","modified_gmt":"2026-03-26T15:59:32","slug":"it-security-event","status":"publish","type":"post","link":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/","title":{"rendered":"IT security incident update \u2014 March 2026"},"content":{"rendered":"<p><strong>Notice pursuant to Article 34 of Regulation (EU) 2016\/679<\/strong><\/p>\n<p>Sofinter S.p.A. publishes this notice to inform all its stakeholders \u2014 employees, former employees, collaborators, customers, suppliers and partners \u2014 of a cybersecurity incident that occurred between 20 and 24 January 2026, which constituted a personal data breach within the meaning of Regulation (EU) 2016\/679 (the &#8220;GDPR&#8221;).<\/p>\n<p><strong>What happened<\/strong><\/p>\n<p>Between 20 and 24 January 2026, malicious external actors carried out a targeted cyberattack against Sofinter&#8217;s IT infrastructure. The attack exploited compromised access credentials to penetrate the systems and resulted in: (a) the temporary encryption of the VMware ESXi\/vSphere virtualisation infrastructure at the Gallarate site; (b) the exfiltration (unlawful copying) of a significant volume of data stored on corporate servers.<\/p>\n<p>On 6 February 2026, Sofinter learned that the criminal group responsible (PayoutsKing) had published an announcement on the dark web offering the stolen data for sale.<\/p>\n<p>The incident has been notified to the Italian Data Protection Authority (Garante per la protezione dei dati personali) pursuant to Article 33 GDPR.<\/p>\n<p><strong>What data was involved<\/strong><\/p>\n<p>The forensic analysis conducted by a specialized company established that the personal data potentially affected includes: personal and contact details; copies of identity documents (national identity cards, passports, tax code documents); employment and payroll data, including banking details (IBAN); payment data; health data; data relating to trade union membership and political opinions. Not all individuals are affected by all categories of data; the nature and extent of the exfiltration depends on what data was specifically stored in the systems for each individual.<\/p>\n<p><strong>What we have done<\/strong><\/p>\n<p>Sofinter implemented a comprehensive incident response plan, including: full restoration of the IT infrastructure (completed 28 January 2026); immediate blocking of compromised credentials and forced password reset for all domain users; strengthening of cybersecurity systems (multi-factor authentication, privileged access management, system hardening, immutable backup solutions, cloud replication); continuous dark web monitoring; mandatory notification to ACN\/CSIRT-Italy pursuant to the NIS2 framework (20 February 2026); filing of a criminal complaint with the Carabinieri (9 February 2026); direct communication to identified individuals via email; appointment of a specialist forensic firm (FTI Consulting) for incident analysis.<\/p>\n<p><strong>What you can do if you may be affected<\/strong><\/p>\n<p>We recommend that you pay close attention to any unexpected communications \u2014 by email, SMS, or phone \u2014 that request personal data, credentials, or payments, and to monitor your online and banking accounts for any unusual activity. If you believe you have suffered any damage or have doubts about your specific situation, you may contact us at the address provided below.<\/p>\n<p><strong>Your rights<\/strong><\/p>\n<p>You may exercise the rights provided for in Articles 15\u201322 of the GDPR (including access, rectification, and erasure of data) by writing to Sofinter S.p.A. at the addresses indicated below or by consulting the privacy section on the website www.sofinter.it. You also have the right to lodge a complaint with the Italian Data Protection Authority (www.gpdp.it).<\/p>\n<p><strong>Contact<\/strong><\/p>\n<p>For any questions relating to this notice or the exercise of your rights:<\/p>\n<p>\u25cf Sofinter S.p.A. \u2014 Via Conservatorio 17, 20122 Milan (MI), Italy<\/p>\n<p>\u25cf Certified email (PEC): sofinter@legalmail.it \u25cf Email: cybersecurity@sofinter.it<\/p>\n<p>\u25cf Website: www.sofinter.it<\/p>\n<p>We apologise for any inconvenience and for any concern this incident may have caused. We remain committed to full transparency and to protecting the personal data of all those who interact with us.<\/p>\n<p>Sofinter S.p.A.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Notice pursuant to Article 34 of Regulation (EU) 2016\/679 Sofinter S.p.A. publishes this notice to inform all its stakeholders \u2014 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1680","post","type-post","status-publish","format-standard","hentry","category-senza-categoria"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IT security incident update \u2014 March 2026 - Sofinter<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IT security incident update \u2014 March 2026 - Sofinter\" \/>\n<meta property=\"og:description\" content=\"Notice pursuant to Article 34 of Regulation (EU) 2016\/679 Sofinter S.p.A. publishes this notice to inform all its stakeholders \u2014 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\" \/>\n<meta property=\"og:site_name\" content=\"Sofinter\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-13T15:11:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-26T15:59:32+00:00\" \/>\n<meta name=\"author\" content=\"sofinter\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"sofinter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\"},\"author\":{\"name\":\"sofinter\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/e43274c3461985093d132cf6b6d4b96c\"},\"headline\":\"IT security incident update \u2014 March 2026\",\"datePublished\":\"2026-02-13T15:11:42+00:00\",\"dateModified\":\"2026-03-26T15:59:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\"},\"wordCount\":543,\"publisher\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/#organization\"},\"articleSection\":[\"Senza categoria\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\",\"url\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\",\"name\":\"IT security incident update \u2014 March 2026 - Sofinter\",\"isPartOf\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/#website\"},\"datePublished\":\"2026-02-13T15:11:42+00:00\",\"dateModified\":\"2026-03-26T15:59:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sofinter.it\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT security incident update \u2014 March 2026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#website\",\"url\":\"https:\/\/www.sofinter.it\/en\/\",\"name\":\"Sofinter\",\"description\":\"Sofinter Group is a leader in the international energy market, providing plants and parts for the production of steam.\",\"publisher\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sofinter.it\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#organization\",\"name\":\"Sofinter\",\"url\":\"https:\/\/www.sofinter.it\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.sofinter.it\/en\/wp-content\/uploads\/2012\/12\/logo.png\",\"contentUrl\":\"https:\/\/www.sofinter.it\/en\/wp-content\/uploads\/2012\/12\/logo.png\",\"width\":252,\"height\":64,\"caption\":\"Sofinter\"},\"image\":{\"@id\":\"https:\/\/www.sofinter.it\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/e43274c3461985093d132cf6b6d4b96c\",\"name\":\"sofinter\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7bc57212d10bf3185a39eca2aff01f84ed2ed92671a0a7dcc492867f9b450135?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7bc57212d10bf3185a39eca2aff01f84ed2ed92671a0a7dcc492867f9b450135?s=96&d=mm&r=g\",\"caption\":\"sofinter\"},\"url\":\"https:\/\/www.sofinter.it\/en\/author\/sofinter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IT security incident update \u2014 March 2026 - Sofinter","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/","og_locale":"en_US","og_type":"article","og_title":"IT security incident update \u2014 March 2026 - Sofinter","og_description":"Notice pursuant to Article 34 of Regulation (EU) 2016\/679 Sofinter S.p.A. publishes this notice to inform all its stakeholders \u2014 [&hellip;]","og_url":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/","og_site_name":"Sofinter","article_published_time":"2026-02-13T15:11:42+00:00","article_modified_time":"2026-03-26T15:59:32+00:00","author":"sofinter","twitter_misc":{"Written by":"sofinter","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#article","isPartOf":{"@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/"},"author":{"name":"sofinter","@id":"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/e43274c3461985093d132cf6b6d4b96c"},"headline":"IT security incident update \u2014 March 2026","datePublished":"2026-02-13T15:11:42+00:00","dateModified":"2026-03-26T15:59:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/"},"wordCount":543,"publisher":{"@id":"https:\/\/www.sofinter.it\/en\/#organization"},"articleSection":["Senza categoria"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/","url":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/","name":"IT security incident update \u2014 March 2026 - Sofinter","isPartOf":{"@id":"https:\/\/www.sofinter.it\/en\/#website"},"datePublished":"2026-02-13T15:11:42+00:00","dateModified":"2026-03-26T15:59:32+00:00","breadcrumb":{"@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.sofinter.it\/en\/senza-categoria\/it-security-event\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sofinter.it\/en\/"},{"@type":"ListItem","position":2,"name":"IT security incident update \u2014 March 2026"}]},{"@type":"WebSite","@id":"https:\/\/www.sofinter.it\/en\/#website","url":"https:\/\/www.sofinter.it\/en\/","name":"Sofinter","description":"Sofinter Group is a leader in the international energy market, providing plants and parts for the production of steam.","publisher":{"@id":"https:\/\/www.sofinter.it\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sofinter.it\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.sofinter.it\/en\/#organization","name":"Sofinter","url":"https:\/\/www.sofinter.it\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sofinter.it\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.sofinter.it\/en\/wp-content\/uploads\/2012\/12\/logo.png","contentUrl":"https:\/\/www.sofinter.it\/en\/wp-content\/uploads\/2012\/12\/logo.png","width":252,"height":64,"caption":"Sofinter"},"image":{"@id":"https:\/\/www.sofinter.it\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/e43274c3461985093d132cf6b6d4b96c","name":"sofinter","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sofinter.it\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7bc57212d10bf3185a39eca2aff01f84ed2ed92671a0a7dcc492867f9b450135?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7bc57212d10bf3185a39eca2aff01f84ed2ed92671a0a7dcc492867f9b450135?s=96&d=mm&r=g","caption":"sofinter"},"url":"https:\/\/www.sofinter.it\/en\/author\/sofinter\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/posts\/1680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/comments?post=1680"}],"version-history":[{"count":3,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/posts\/1680\/revisions"}],"predecessor-version":[{"id":1691,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/posts\/1680\/revisions\/1691"}],"wp:attachment":[{"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/media?parent=1680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/categories?post=1680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sofinter.it\/en\/wp-json\/wp\/v2\/tags?post=1680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}