What happened to Westpole S.p.A. Let’s try to summarise the events, but above all, let’s try to better understand who Westpole S.p.A. is.
Data breach information
What happened:
On 8 December 2023, Westpole reportedly experienced disruptions starting at about five o’clock in the morning. These disruptions, not directly detected by the firewalls, would have been interpreted as a data breach and would have triggered threat containment and management procedures.
When it happened: chronology of events
- 8 December 2023: computer incident
- 12 December 2023: first public announcement of Westpole S.p.A.
- 13 December 2023: PA Digitale S.p.A. statement on the incident
- 15 December 2023: second public announcement by Westpole S.p.A.
Further useful details
It is worth starting with an excerpt from WestPole S.p.A.’s first public announcement, that of 12 December.
On 8 December, we detected some suspicious activity in the Westpole Data Centre in Italy. As soon as we became aware of this incident, we immediately initiated the planned emergency processes. As a result of this security incident, many of our customers’ IT systems, and our own, are experiencing disruptions. We want to assure you that there is currently no indication in Westpole’s (customers’) IT systems that any (customer) data has been exfiltrated or leaked.
This thesis was further confirmed by WestPole S.p.A. and reported in the PA Digitale press release.
Based on the evidence reported and available at present, to be confirmed and enriched
through more in-depth forensic analysis, we consider the exfiltration of data by the attacker to be unlikely.
by the attacker, who was evidently interested in blocking the infrastructure, not in the content of the
data, of an undifferentiated type, present on our repositories and within the approximately 1,500 virtual machines
virtual machines in it.
Concerning the fact that Westpole S.p.A.’s firewalls did not detect any anomalies, this information was quoted in the PA Digitale communication of 13 December 2023, where it reads:
The firewalls did not reveal, neither during the period of execution of the attack, nor during the
previous days, any traffic attributable to data exfiltration.
At the moment (19 December 2023 – 10:37AM) there is no claim on the LockBit group portal.
About Westpole S.p.A.
Westpole S.p.A. is an Italian company that provides IT services to private individuals and public administrations; the company has a not inconsiderable customer portfolio, serving 1,300 public administrations, including 540 Italian municipalities. Westpole is a complex reality, it has an expansion that goes beyond national borders. In a 2021 CorCom article, one can read a quotation from Massimo Moggi, CEO and President of Westpole S.p.A.:
With the expansion into France, Westpole enters one of the key countries for digital innovation in Europe. As the number of locations grows, our goal remains to create synergies and work as one team, to build together the future of a leading international Cloud group, strengthening the value proposition for the benefit of our customers.
At the time of CorCom’s interview, Westpole had eight offices located in Italy, Belgium and Luxembourg, generating a turnover of around EUR 100 million.
National press
Claudio Sono is not wrong to comment on Twitter on the behaviour of much of the Italian press. This behaviour is easily explained: Italians do not understand hacker attacks.
Today, the Post devoted the intro of its Morning podcast to the Westpole data breach. Correctly, the podcast’s speaker Francesco Costa, who is still one of the paper’s two deputy editors, made clear the importance of giving due weight to such news. These are full-blown acts of sabotage that should be just as worrying as physical tampering with private and public infrastructure. But most Italians do not understand the implications, nor the complexity, despite the fact that these attacks have been occurring for over ten years, albeit in different forms. If one of the purposes of newspapers is to spread culture and provide information, it could be argued that this is where this is done badly and late.
Useful resources
Westpole S.p.A.: screenshot of the site as at 12 December 2023