14.08.2025
2 min
515
Italy records massive hotel data breach. Nearly 100,000 high-quality scans of passports and ID cards for sale on the darknet
The Italian Agency for Digital Development (AGID) has confirmed that at least some of the nearly 100,000 documents put up for sale online are genuine. According to the agency, at least 10 hotels were hacked between June and August 2025, but the number of victims could rise. The attacker, who goes by the alias “mydocs,” said he had accessed booking systems and stolen scans of passports, ID cards and other documents that customers provided during check-in. The latest post offering the sale appeared on a cybercriminal forum on August 12. AGID warns that such data could be used to create fake documents, open bank accounts, commit fraud and steal digital identities.
In Italy, the law requires a valid ID upon check-in, which creates a risk of abuse in the event of a data breach. Such attacks on the hotel industry are common: a survey in North America found that 66% of IT and cybersecurity executives in the industry expected a cyberattack in the summer of 2025. The Garante per la Protezione dei Dati Personali (GPDP) has launched its own investigation and urged all affected hotels to report the incident so that urgent protective measures can be taken.
The hotel incident in Italy demonstrates the scale of the threat to personal data in the hospitality sector and highlights the need to strengthen cyber protection. Businesses and citizens alike should regularly check whether their documents are being used by attackers and report suspicious cases to the authorities.
