The company declares that the payment data were not involved
TIM has recently made public that it has been the subject of a data breach . In other words an unauthorized person managed to access the company's servers where user data is kept. It is currently unclear exactly how extensive the breach was, nor exactly what data is involved. As a precaution, the company has in any case blocked the users of the possible interested parties and recommends changing the password to access the service as soon as possible as well as all other users with a similar password .
From this we can deduce that the login credentials were the object of the hacker attack, even if TIM has not, for now, provided more details, but has specified that the payment details have not been touched . However, it remains possible that the stolen information will be used in future phishing attempts . The company is informing the customers involved in the attack by sending the communication you find below. Even if you are unable to access the MyTIM portal, you are therefore part of the user group affected by the event.
Communication sent to the customers involvedDear Customer,
we wish to inform you that, in the face of the security control activities on our systems, anomalous activities have been detected, carried out by unknown third parties, which could jeopardize the confidentiality of your login credentials to MyTIM.
For your protection and to ensure the security of your information, we are taking steps to disable your MyTIM credentials as a precaution, also used for access to some TIM services related (TIM Party, TIM Personal), making it mandatory to change the password at the first access to the MyTIM private area, to be carried out at the following address https://mytim.tim.it/auth/recupero-password.html
If you have already changed your password after disabling it, we recommend that you evaluate its structure for the purpose of greater security and in the case of carrying out the procedure for changing it at the next access to MyTIM and to your e-mail inbox. In this regard, we consider it appropriate to recommend that you no longer use the old password or a similar one, as well as change the password used to access any other online service, if it coincides with or similar to the one previously used on MyTIM. On this occasion, we remind you, which suitable measures to prevent abuse or fraud, to carefully guard and never disclose the authentication credentials to portals or systems on the web, to use “structured” passwords (eg composed of numbers, uppercase and lowercase letters , special characters) to be changed periodically, to pay attention to phishing actions, to periodically update the software on your PC and mobile phone and to use an Antivirus.
The compromise of the credentials of authentication could in fact involve access by third parties to online services to which you have registered, with consequent loss of control over your personal data, possible fraudulent acquisition of information concerning you or even any situations of identity theft.
Of this event, in accordance with current legislation (Article 33 of EU Regulation 2016/679, the so-called GDPR), we have also sent a formal notification to the Privacy Guarantor.
In this case we consider ourselves as an injured party like our Customers, and we reserve the right to assert our interests and rights in any location.
We inform you that for any need you may have in this regard, you can contact us to our Customer Service 187.
Goodbye at TIM