The Agency for Digital Italy, as part of the prevention activities carried out by CERT-AgID, has detected illegal sales of identity documents that were allegedly stolen from hotels operating in Italy.
The breach involves tens of thousands of high-quality scans of passports, ID cards, and other identity documents used by customers during check-in procedures.
Timeline of the attacks reported by the malicious actor
The user who put these documents up for sale goes by the pseudonym ‘mydocs’ and claims to have obtained them by hacking into computer systems between June and August 2025.
After an initial report concerning three hotels, further violations emerged: on 8 August, the same author posted on the same forum an offer to sell a new collection of 17,000 identity documents stolen from another Italian hotel; on 9 and 10 August, new advertisements were posted for over 70,000 documents from four Italian hotels. Finally, late yesterday evening, 12 August, the attacker mydocs published a new advertisement for the sale of 3,600 identity documents stolen from two additional hotels.
If this latest claim is proven to be true, the total number of Italian hotels involved would rise to ten. Further cases may emerge in the coming days. Once stolen, this data can be used for fraudulent purposes, including creating false documents, opening bank accounts and carrying out social engineering attacks and digital identity theft, with serious consequences for the victims.
AgID's response
The Agency is sending a notice to trust service providers (SPID, digital signatures, etc.) to inform them of the incident and urge them to pay closer attention to document verification.
AgID also invites citizens to pay attention to any signs of misuse of their personal data – such as credit applications or unauthorised account openings – and to promptly report any suspected abuse to the competent authorities.
