Italian Hackers Used Ministry Emails to Spy on Users | Data Breach News
Young Men Accused of Impersonating Law Enforcement to Obtain Sensitive Data
Milan, Italy – February 15, 2026 – Six individuals in their twenties are facing potential prosecution after allegedly using official email addresses linked to the Italian Ministry of the Interior and the Carabinieri (national gendarmerie) to gain unauthorized access to information from major technology and telecommunications companies. The alleged activity took place between 2021 and 2022.
According to investigators, the group contacted companies including Wind Tre, Telecom Italia, Vodafone, Iliad, Microsoft, TikTok, Amazon, Facebook, and Snapchat, falsely presenting themselves as members of Italian law enforcement. Their aim was to obtain sensitive user data, purportedly acting on behalf of a client identified on the dark web. They allegedly sought access to channels reserved for official requests from authorities.
The scheme extended to Google, where a forged anti-terrorism decree was reportedly used in an attempt to acquire personal data on two individuals. Similar requests were likewise made to the Israeli companies NSO Group and Chainalysis, reportedly to test software for mobile phone infection and interception, and cryptocurrency wallet tracking, respectively. Microsoft was allegedly asked for documentation related to the Israeli company Finovation.
TikTok was reportedly targeted for data on four YouTubers known for their appearance on the Rai 2 reality display “Il Collegio.” In a separate incident, one of the accused allegedly contacted the U.S. Department of State while posing as a representative of the Italian Ministry of Defence.
Milan prosecutors Francesca Crupi and Bianca Maria Eugenia Baj Macario have requested that all six individuals be sent to trial, alleging a systematic effort to illegally access confidential information.
Defense lawyers argue that their clients did not directly breach any computer systems, but rather received data from individuals online who recruited them as intermediaries. One of the accused, currently detained on unrelated robbery charges, has reportedly admitted knowledge of shared credentials for accessing restricted law enforcement portals.
The alleged motive appears to be financial, with the group intending to monetize the acquired information through theft, blackmail, or access to victims’ accounts. Agreements reportedly stipulated that 20 percent of any profits would be paid in cryptocurrency.