RCS S.p.A, with registered office in Milan, via Caldera 21; Tax code and VAT number 07715580630 announces to have suffered an IT intrusion on the e-mail server with possible unauthorized access to the contact details of its customers.
Following the internal investigation carried out, the violation seems to have occurred in May 2021. It is assumed that, during this period, contact details relating to phone numbers and emails may have been breached through anauthorised access to email. Therefore, the possible consequences that could occur towards the interested parties concern phishing attacks. For this reason, it is suggested to pay attention to e-mails coming from addresses that could be related to RCS senders.
We would like to point out that any production system or system related to the service has been compromised as they are completely separate.
The incident has been reported to the necessary authorities and regulators including the Public Prosecutor's Office of Milan and the Italian Data Protection Authority. Moreover, a specific internal audit has been undetaken. RCS acted immediately to secure the systems adopting all the necessary measures aimed at limiting the violation and preventing a recurrence. By way of example, the controls on the IT perimeter infrastructures have been increased, it has been forced the password change of all the domain administrative accounts as well as of the user accounts and the web services have been taken offline.
Customers who wish to have further information can contact RCS Data Protection Manager writing a certified email to email@example.com. RCS may also contact the customers concerned through specific communication channels, safeguarding the security and confidentiality of the information.
Data protection and security are an absolute priority for RCS. Within the Company’s organizational and management system, specific lines of action have been defined to improve the standards of technological and organizational security.