MILAN, July 16 (Reuters) – Italy’s data protection authority has fined telecoms operator WINDTRE €1.7 million ($1.94 million) for “serious shortcomings” in its data security systems, leading to two unauthorised breaches and the exposure of personal information belonging to more than 365,000 customers.
• The investigation was prompted by the CK Hutchison owned company’s notification of the breaches in February 2025.
• It revealed that hackers posed as support technicians to gain access to corporate systems through employees at two retail points, the authority said in a statement.
• The compromised data included personal and contact details of customers, with sensitive payment information, such as bank account details, partially obscured credit card numbers, and expiration dates, affecting 41,359 of them.
• The regulator found that WINDTRE had failed to adequately manage access credentials and digital certificates.
• Moreover, security checks conducted by the company did not detect vulnerabilities that the authority said would have been identified with more thorough assessments.
• The authority ordered WINDTRE to enhance its protection for access credentials and digital certificates, implement secure password management tools, and strengthen cybersecurity protocols to prevent similar incidents.
• WINDTRE declined to comment.
($1 = 0.8743 euros)
(Reporting by Gianluca Semeraro, editing by Kirsten Donovan)


Comments