Italy’s Professional Registry Breach: 700,000 Identities Up for Grabs on the Dark Web

The digital underworld has struck again - this time targeting the backbone of Italy’s professional class. In a revelation that sent shockwaves through the cybersecurity community, a notorious dark web forum is now offering a cache of over 700,000 personal records, allegedly stolen from an undisclosed Italian Professional Register. The leak, first flagged by threat intelligence firm ParagonSec, lays bare a trove of confidential data that could fuel a new surge of fraud, identity theft, and targeted attacks across the country.

Inside the Leak: What’s at Stake?

According to ParagonSec, the breach surfaced on a prominent underground forum, with the seller - using the alias “gtaviispeak” - advertising a “fresh db” (database) brimming with sensitive information. The dataset reportedly contains full names, dates and places of birth, tax identification codes, email and phone contacts, residential addresses, work affiliations, professional categories, and, alarmingly, passwords in plaintext. While the exact source remains unconfirmed, the scope and structure suggest a high-level institutional or administrative system was compromised.

The inclusion of passwords - regardless of their origin - dramatically heightens the risk. Many users reuse credentials across platforms, making them vulnerable to further account takeovers. Meanwhile, the exposure of tax codes and comprehensive personal data opens the door to sophisticated fraud schemes and highly targeted phishing attacks.

Dark Web Dealings: Telegram at the Center

The records are not being auctioned on the forum itself. Instead, interested buyers are directed to a dedicated Telegram channel - a tactic increasingly favored by cybercriminals for its privacy and ease of communication. To entice potential clients, the seller has posted a sample of the dataset, aiming to demonstrate the authenticity and value of the stolen information.

The Bigger Picture: A Growing Trend

This breach is part of a broader surge in attacks on European public entities and professional organizations. Cyber gangs are targeting official databases, knowing that verified, up-to-date records are gold mines for fraudsters and identity thieves. Even if some forum users have questioned the freshness of the accounts, experts warn that static identifiers - like names, tax codes, and addresses - remain exploitable for years.

As of this writing, the implicated organization has not issued an official response, leaving affected professionals and the wider public in the dark about the true scale and impact of the breach.