Trenitalia discloses data breach from October 2025, customer travel and identity details accessed but no payment data leaked
The Italian rail operator is notifying customers after an unauthorised access to personal data linked to travel tickets dating back to October 2025. No account credentials or payment details were compromised.
Incident detection
Trenitalia has begun informing some passengers by email that it detected a cybersecurity incident caused by unidentified external parties. The company states that in October 2025 it recorded an attempted cyber attack that resulted in unauthorised access to a portion of its customers' personal data associated with travel tickets. After months of technical and security analysis, Trenitalia was able to identify the affected individuals and is now sending individual notifications as required by law.
We immediately adopted all necessary measures to interrupt the anomaly, secure systems and further strengthen controls, so as to reduce the risk that similar situations could recur.
- Trenitalia detects attempted cyber attack involving unauthorised access to personal data associated with travel tickets
- After completing technical analysis, Trenitalia begins notifying affected customers and reports the incident to authorities
Data exposed
According to the official communication, the breach involved personal and identifying information (name, surname, date and place of birth, purchaser's name), contact details (email and phone number), travel data (route, date and time of journey, ticket number), loyalty card code, company or employer, ID document details, and offers linked to the ticket. Trenitalia stressed that no account access data, personal credentials or payment information, such as card number, expiry date or security code, were affected.
No account access data, personal credentials or payment information (such as card number, expiration date or security code) were affected.
Company response
The rail operator notified the Italian Data Protection Authority and the national Computer Security Incident Response Team (CSIRT Italia) and filed a complaint with the Rome Public Prosecutor's Office. It said it immediately activated all necessary security measures and carried out deep technical reviews to reconstruct any improper data access.
Phishing risk
In the email to customers, Trenitalia advised vigilance against fraudulent communications or deceptive contact attempts linked to travel. The stolen data could be used in the coming weeks for phishing emails or SMS scams, the company warned.
Broader context at Ferrovie dello Stato
The disclosure comes a day after Stefano Donnarumma resigned as CEO of holding company Ferrovie dello Stato on 25 June 2026, at the invitation of Transport Minister Matteo Salvini, amid ongoing criticism over train delays and network works.
