Colin Thierry
Published on: July 27, 2022

Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L’Agenzia delle Entrate).

LockBit claimed that they stole 100 GB of data, including company documents, scans, financial reports, and contracts. The ransomware group said that they will leak this data online if the Italian tax agency doesn’t pay a ransom demand by Aug. 1.

The Italian revenue agency shared an official statement on its website in regard to “the alleged theft of data from the tax information system,” and said that it requested more info from Sogei (Società Generale d’Informatica) SpA. Sogei SpA is a Ministry of Economy and Finance public company that manages the technological infrastructure of the financial administration.

“From the technical investigations carried out, Sogei excludes that a cyber attack on the Agency’s website may have occurred,” the agency said on Monday.

Additionally, Sogei SpA managess IT infrastructure used by other Italian agencies, including the Ministries of Justice, Interior, and Education, the State Attorney General, and the Department of the Treasury.

A spokesperson for the company told reporters that “there are no cyber attacks on the financial administration’s technological platforms and infrastructures,” and that “it is not possible to provide further details as investigations are ongoing.”

The company also shared an official statement on its website saying it found no evidence of a cyberattack that impacted the Italian revenue agency.

“With regard to the alleged cyber attack on the tax information system, Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred nor have data been stolen from platforms and technological infrastructures of the Financial Administration,” the company said on Monday.

“From the technical investigations carried out, Sogei, therefore, excludes that a cyber attack on the site of the Revenue Agency,” it added.

Sogei SpA also said that it’s currently collaborating with and supporting an ongoing joint investigation coordinated by the Italian National Cybersecurity Agency and the Postal Police.