Friday, 17 July 2026 · World
USD/EUR 0.8735 USD/GBP 0.7415 USD/JPY 162.3 USD/CNY 6.78 All rates →
RSS
EUROS The World Financial Report
Nº 6 Friday, 17 July 2026 · World Edition
LATEST
Asia

WINDTRE fined €1.7m by Italy after 365,000 customer data breach

EUROS Newsroom · 1h ago · 2 min read · 🇮🇹 Italy
WINDTRE fined €1.7m by Italy after 365,000 customer data breach

Italy's data watchdog fined CK Hutchison-owned WINDTRE €1.7 million after social engineering attacks exposed the payment details of over 41,000 customers, highlighting operational risks for European telecoms.

Italy’s data protection authority has fined telecom operator WINDTRE €1.7 million ($1.94 million) after two cybersecurity breaches exposed the personal information of more than 365,000 customers. The penalty, issued on July 16, underscores the regulatory liabilities European telecoms face when internal security controls fail.

WINDTRE, which is owned by Hong Kong-based conglomerate CK Hutchison, declined to comment on the ruling. The breaches came to light in February 2025 when the company notified the regulator of the incident.

An investigation revealed that hackers used social engineering tactics to compromise corporate systems. The attackers posed as support technicians and gained their initial foothold by deceiving employees at two retail locations.

For investors, the scale of the compromised data elevates the incident beyond a routine IT failure. While the personal and contact details of over 365,000 individuals were exposed, the regulator noted that 41,359 customers had sensitive payment data compromised.

This exposed payment data included bank account details, partially obscured credit card numbers, and card expiration dates. Such financial data exposure increases the risk of direct fraud and subsequent liabilities for the operator.

The Italian authority attributed the breach to "serious shortcomings" in WINDTRE’s data security architecture. Specifically, the regulator found that the company failed to adequately manage access credentials and digital certificates.

Furthermore, internal security checks failed to catch vulnerabilities that should have been flagged during more rigorous assessments. These findings point to potential gaps in operational risk management at CK Hutchison’s Italian subsidiary.

For telecom operators handling vast amounts of consumer financial data, reliance on frontline retail staff represents a significant vulnerability. The human element in these attacks easily circumvents traditional network security perimeters.

To address these failures, the regulator mandated a series of technical overhauls. WINDTRE must now enhance protections for its access credentials and digital certificates, deploy secure password management tools, and strengthen its cybersecurity protocols.

The €1.7 million fine establishes a clear enforcement cost for inadequate data protection in Italy. However, the broader financial impact for WINDTRE may extend beyond the immediate penalty if the breach results in litigation or customer attrition.