Data theft at Italian hotels: tens of thousands of identity documents up for sale

Tens of thousands of identity documents stolen from Italian hotel guests have been put up for sale on the dark web. The malicious actor "mydocs" continues to post new listings, raising concerns about data security and the risk of fraud and identity theft.

A series of cyberattacks have hit several hotels in Italy, resulting in the theft and subsequent sale of tens of thousands of guest identity documents on the dark web. The alarm was raised by Cert-Agid, which monitored the activity of a malicious actor known as "mydocs," responsible for selling high-resolution scans of passports, identity cards, and other identification documents .

The criminal activity began between June and July 2025, with unauthorized access to the systems of three Italian hotels. Since then, the situation has progressively worsened. In just over a month, the attack has expanded to a total of ten accommodation facilities, with a growing number of documents being put up for sale . "mydocs" claimed the theft of over 70,000 new identity documents from four different Italian hotels over the weekend of August 9-10 alone. The latest updates on August 14, 2025, confirmed the sale of approximately 9,300 scans relating to two new properties, bringing the declared total to a much higher and constantly evolving number .

These documents, obtained during check-in, represent valuable loot for cybercriminals. The consequences of identity theft can be devastating for victims. Personal information is used for a wide range of illicit activities, including:

Creation of fake documents based on real identities, which can be used for criminal purposes .

Opening fraudulent bank accounts or lines of credit, leaving victims with unrecognized debts .

Social engineering activities, to target victims or their personal and professional networks with targeted scams .

The escalation of these attacks highlights a systemic vulnerability in the hospitality sector and underscores the urgent need to strengthen security measures. Although similar incidents have been reported in the past, the frequency and scale of the latest attacks indicate a worrying trend.

Companies that handle sensitive data are required to adopt more stringent security protocols and invest in protecting their digital systems. At the same time, citizens must also play an active role in protecting their identities. It's essential to regularly monitor their finances for suspicious activity and avoid sharing copies of personal documents over unsecured channels.

If you suspect identity theft, it's essential to act promptly and report the incident to the relevant authorities. The growing threat of personal data theft requires coordinated and informed action by both organizations and individuals.