Attackers recently posted claims on a prominent data-leak forum, boasting they had obtained more than one million records tied to Poste Italiane, the country’s national postal service. The alleged dataset, according to the forum listing, contains customer names, tax codes, and assorted personal details — the sort of haul that would normally trigger immediate alarm. But Cybernews’ research team dug into the samples and says the evidence looks far less convincing: old or stitched-together data, not a clean, novel exfiltration from Poste Italiane’s systems.
Alleged Leak Posted on Data Forum
The threat actors published a listing on a marketplace commonly used to trade or auction stolen information. The post’s headline number — over a million records — is attention-grabbing, and the brief preview screenshots are designed to signal possession. However, the forum post offered few technical indicators of a live compromise, and the attached sample files raised red flags for investigators examining provenance, timestamps, and consistency.
Poste Italiane Response
Poste Italiane, which is jointly held by state-backed Cassa Depositi e Prestiti (CDP) and Italy’s Ministry of Economy and Finance, told Cybernews it was aware of the online claims but maintained that “No data has been stolen or transferred from our information systems. The operation and security of the company’s digital services have not been compromised.” The company also emphasized customer hygiene: do not share login credentials, change passwords periodically, and avoid reusing the same credentials across services. Poste Italiane generates annual revenues exceeding €12 billion (approximately $14 billion) and employs about 120,000 people — scale that makes any credible leak especially consequential.
Analysis by Researchers
Researchers examined the sample dataset posted by the attackers and identified several anomalies that suggest the material was not freshly extracted from Poste Italiane systems. “Looks like they took a large dataset of stealer logs, filtered out accounts for Poste Italiane, and then tried to enrich the data with fields such as tax code and date of birth. The data also includes duplicates as well as incomplete entries, such as missing email addresses,” the research team noted. In short, the files appear to be a collage: older credential dumps or stealer logs recombined with appended fields to inflate perceived value.
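A triage pass over a sample of this kind can put numbers on the anomalies the researchers list. The sketch below is an added example, not Cybernews' tooling: it counts duplicate credential pairs and missing email addresses, and additionally checks whether the birth date encoded in each Italian tax code (codice fiscale) agrees with the separate date-of-birth field, since disagreement suggests the fields were joined from different sources. The record field names, the sample rows and the tax-code cross-check itself are assumptions of this example, not details from the listing or steps the researchers describe.

```python
import re
from collections import Counter

# Codice fiscale layout: 6 name letters, YY, month letter, DD (+40 for women),
# 4-char place code, check letter. Omocodia variants are not handled here.
CF_RE = re.compile(r"^[A-Z]{6}(\d{2})([A-EHLMPR-T])(\d{2})[A-Z]\d{3}[A-Z]$")
MONTHS = {c: i + 1 for i, c in enumerate("ABCDEHLMPRST")}

def cf_matches_dob(tax_code, dob):
    """True if the birth date encoded in the tax code equals dob (YYYY-MM-DD)."""
    m = CF_RE.match((tax_code or "").upper())
    if not m or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", dob or ""):
        return False
    yy, month, day = m.group(1), MONTHS[m.group(2)], int(m.group(3)) % 40
    return (yy, month, day) == (dob[2:4], int(dob[5:7]), int(dob[8:10]))

def triage(records):
    """Count the anomaly types named in the analysis for a list of dict records."""
    keys = Counter((r.get("login", "").lower(), r.get("password", "")) for r in records)
    return {
        "total": len(records),
        "duplicates": sum(n - 1 for n in keys.values()),
        "missing_email": sum(1 for r in records if not r.get("email")),
        "dob_mismatch": sum(1 for r in records
                            if not cf_matches_dob(r.get("tax_code"), r.get("dob"))),
    }

# Constructed sample rows; none of these values come from the listing.
SAMPLE = [
    {"login": "user1", "password": "pw-a", "email": "user1@example.com",
     "tax_code": "AAABBB85T10Z999X", "dob": "1985-12-10"},
    {"login": "USER1", "password": "pw-a", "email": "user1@example.com",
     "tax_code": "AAABBB85T10Z999X", "dob": "1985-12-10"},   # duplicate pair
    {"login": "user2", "password": "pw-b", "email": "",
     "tax_code": "CCCDDD90A41Z999X", "dob": "1990-01-01"},   # missing email
    {"login": "user3", "password": "pw-c", "email": "user3@example.com",
     "tax_code": "EEEFFF72H15Z999X", "dob": "1980-03-02"},   # fields disagree
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

High duplicate and missing-field rates point to an aggregated source rather than a single database export, which is the distinction the analysis turns on.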
Why This Distinction Matters
If the data are recycled or artificially enriched, the immediate operational risk to Poste Italiane’s infrastructure is lower than if attackers had direct access to internal systems. That said, even curated or republished data can cause harms — enabling phishing, identity fraud, or commercial intelligence gathering — especially when mixed with other leaks. Cybernews’ conclusion that Poste Italiane has not suffered a novel breach, if it holds, will be a relief for customers; meanwhile investigators will still need to trace the data’s origins to understand how it entered criminal channels.