The Italian Agency for Digitalization (Agid) has confirmed a large-scale cyberattack targeting hotel servers across Italy. Tens of thousands of high-resolution scans of identification documents, such as passports and ID cards, have been stolen and are now being illegally sold on the dark web.
The incident, first flagged by CERT-AgID, the cybersecurity arm of Agid, is believed to have compromised nearly 100,000 documents. According to official statements, the stolen data includes highly sensitive images collected during standard hotel check-in procedures.
These documents are now being circulated through unauthorized channels, posing a direct risk to both tourists and Italian citizens of digital identity theft.
Agid Decodes the Hack Timeline and Scale of the Breach
The hacker, who operates under the alias “mydocs,” has claimed responsibility for the breach. The individual reportedly gained unauthorized access to hotel computer systems over three months from June to August 2025.
The timeline of the cyberattacks reveals a disturbing pattern. Initially, only three hotels were thought to be affected. However, on August 8, “mydocs” posted a listing on a dark web forum offering 17,000 stolen identity documents from yet another hotel. The following two days, August 9 and 10, saw a surge in activity, with the hacker advertising over 70,000 new identity documents, this time from four additional hotels.
The most recent listing, published on August 12, included 3,600 documents from two more hotels. With these disclosures, the total number of affected Italian hotels has risen to ten, though authorities caution that more cases may surface in the days ahead.
Agid’s Response and Warnings
In response to the growing threat, the Italian Agency for Digitalization has launched a series of preventative actions. Agid is distributing a circular to all digital trust service providers, including SPID and providers of digital signatures, urging them to be on high alert during document verification processes.
“This includes tens of thousands of high-resolution scans of passports, ID cards, and other forms of identification used by guests during check-in procedures,” an official statement from Agid confirmed.
The agency emphasized the potential for these documents to be used in a wide range of fraudulent activities, from forging fake IDs to opening unauthorized bank accounts and conducting targeted social engineering attacks.
A Growing Threat to Digital Identity
Hotels, which collect vast amounts of personal information during routine operations, are becoming attractive targets for cybercriminals.
CERT-AgID has advised citizens and tourists alike to stay vigilant for any unusual activity related to their personal data. This includes unexpected credit applications, unauthorized access to financial accounts, and other signs of digital identity theft. Individuals are encouraged to report any suspicious behavior to the relevant authorities promptly.
As investigations continue, Agid is working closely with law enforcement and cybersecurity professionals to contain the damage and prevent future attacks. While ten hotels have officially acknowledged the breach, the nature of cyber threats means the full scope of the incident may not yet be known.
The Italian Agency for Digitalization is urging all hospitality operators to strengthen their cybersecurity infrastructure and adopt best practices to safeguard sensitive customer data. The agency also reiterates that the misuse of identity documents can result in “serious consequences for victims, both economically and legally.”
