Italian Hotels Compromised, Tens of Thousands of Guest IDs Stolen and Sold Online

August 15, 2025 — Italy’s Computer Emergency Response Team (CERT-AGID) has issued a warning after discovering that cybercriminals are selling stolen identity documents collected from hotel guests across the country.

During the summer of 2025, a hacker group known as “mydocs” breached the booking systems of at least ten Italian hotels, extracting high-resolution scans of passports and national ID cards provided by guests at check-in. The stolen data amounts to tens of thousands of documents, potentially reaching up to 100,000, and is being offered on dark web marketplaces with prices ranging from $1,000 to $10,000. Both domestic and international travelers are affected, with breaches occurring in luxury and city hotels.

Although the attacks took place in June and July, it remains unclear how long hotels retain scanned IDs, meaning guests who stayed at these locations in previous years may also be at risk. AGID has not disclosed the names of the affected hotels but urges them to notify guests whose information might have been compromised.

Risks Posed by Stolen Identity Documents

According to AGID, the stolen data could be exploited for:

  • Creating fraudulent new identity documents.
  • Opening bank accounts or lines of credit.
  • Launching social engineering attacks targeting individuals and their contacts.
  • Committing digital identity theft with serious legal and financial consequences.

Authorities advise guests to contact the hotels where they stayed if they suspect their data may have been exposed and to remain vigilant for scams or phishing attempts using their personal information.

Recommended Steps After a Data Breach

If you suspect your personal data has been compromised, consider taking the following measures:

  1. Follow vendor guidance – Check the hotel’s official advice for breach-specific instructions.
  2. Change passwords – Update your passwords with strong, unique ones, preferably using a password manager.
  3. Enable two-factor authentication (2FA) – Use a FIDO2-compliant hardware key or device for stronger protection against phishing.
  4. Beware of impersonators – Verify any communications claiming to be from the hotel or vendor through official channels.
  5. Take your time – Scammers often create a sense of urgency; carefully verify any unexpected requests or alerts.
  6. Avoid storing card details online – Saving card details is convenient, but not storing them reduces the risk of financial loss in the event of a breach.
  7. Set up identity monitoring – Use monitoring services to track potential misuse of your personal information and receive alerts if it appears on illicit marketplaces.

By following these steps, guests can better protect themselves from the repercussions of stolen identity documents and reduce the risk of further cybercrime.

Source: https://www.malwarebytes.com/blog/news/2025/08/italian-hotels-breached-for-tens-of-thousands-of-scanned-ids