×

Italy fines WINDTRE €1.7 million over data breaches

By Thomson Reuters Jul 16, 2026 | 10:42 AM

MILAN, July 16 (Reuters) – Italy’s data protection authority has fined telecoms operator WINDTRE €1.7 million ($1.94 million) for “serious shortcomings” in ​its data security systems, leading ‌to two unauthorised breaches and the exposure of personal information belonging to more than 365,000 customers.

• The investigation was prompted by the CK ‌Hutchison ​owned company’s notification of ⁠the breaches in ⁠February 2025.

• It revealed that hackers posed as support technicians to gain access to corporate systems through employees at ​two retail points, the authority said in a statement.

• The compromised data ⁠included personal and contact ⁠details of customers, with sensitive ​payment information, such as bank account details, ​partially obscured credit card numbers, and expiration ‌dates, affecting 41,359 of them.

• The regulator found that WINDTRE had failed to adequately manage access credentials and digital ⁠certificates.

• Moreover, security checks conducted by the company did not detect vulnerabilities that the authority said ⁠would ‌have been identified with more ⁠thorough assessments.

• The authority ordered ​WINDTRE ‌to enhance its protection for ​access credentials ⁠and digital certificates, implement secure password management tools, and strengthen cybersecurity protocols to prevent similar incidents.

• WINDTRE declined to comment.

($1 = 0.8743 euros)

(Reporting by Gianluca Semeraro, editing by ​Kirsten Donovan)