Italian Telecom Giant WINDTRE Fined $1.94M After Hackers Expose 365,000 Customers

MILAN — Italy’s data privacy watchdog has slapped telecom operator WINDTRE with a €1.7 million fine — roughly $1.94 million — after finding serious flaws in the company’s data security that allowed hackers to access personal information belonging to more than 365,000 customers.

The investigation was launched after WINDTRE, which is owned by CK Hutchison, reported the two unauthorized breaches to authorities in February 2025.

According to the regulator, cybercriminals disguised themselves as technical support workers to trick employees at two retail locations into granting them access to the company’s internal systems.

The stolen data included personal and contact information for hundreds of thousands of customers. For 41,359 of those customers, the exposure was even more serious — their payment information was compromised, including bank account details, partially hidden credit card numbers, and card expiration dates.

Investigators determined that WINDTRE had failed to properly manage access credentials and digital security certificates. The regulator also found that the company’s own internal security reviews had missed vulnerabilities that more thorough testing would have caught.

As part of the penalty, WINDTRE has been directed to improve how it handles access credentials and digital certificates, adopt secure password management tools, and tighten its overall cybersecurity practices to prevent future incidents.

WINDTRE did not respond to requests for comment.