INPS has been distributing emergency funds to those hardest hit by the coronavirus pandemic

muhammadtoqeer / Shutterstock

The website of INPS, the Italian department of social security and welfare, appears to be operational again after an apparent cyber-attack forced it offline yesterday (April 1).

A tweet yesterday from the official profile of the Ministry of Labor and Social Policies – which oversees the INPS – said the institution’s website had been temporarily suspended due to “hacker attacks”.

INPS tweet on hacker attack

The incident occurred during the first day that VAT-registered and self-employed Italians could apply for €600 ($655) payments as part of a coronavirus relief package that was announced by the government on March 16.

As citizens flocked to the INPS website on the evening of March 31, the hashtag #INPSdown began trending on Twitter, with many Italians reporting unresponsive web pages.

Leaky webform

In a tweet posted yesterday (April 1), the INPS (Istituto nazionale della previdenza sociale) indicated that the website had been overwhelmed with traffic.

This announcement came as a security engineer took to Twitter with unconfirmed reports that the INPS website had also been leaking the personal information of Italian citizens.

Andrea Ganduglia, software developer and CEO of Frequenze Software, told The Daily Swig that refreshing INPS web pages would bring up the details of a different individual each time, prompting suspicions of a potential bug in the site’s cache system.

Ganduglia said that he had been able to view users’ names, tax codes, postal addresses, email addresses, phone numbers, last login time, and some personal messages between the user and the INPS.

INPS screenshot, leaked user profilesINPS website screenshots appear to show Italian citizens’ details being leaked

Asked how many citizens’ personal data could have been exposed by the bug, he said “anyone who had visit[ed] the website during 9AM and 11AM (local time) had the visibility on those data, but I think that the leak has involved few tens of people (I saw randomly four profile[s]).”

A post published on the INPS website yesterday indicated that online services would be available again to consultants and intermediaries between 8am and 4pm and other citizens from 4pm today (April 2).

Earlier today, Labour Minister Nunzia Catalfo said the website has received more than half a million applications for the €600 benefit and was “holding up well”, according to the Italian news agency ANSA.

As of this morning, the INPS site appears to be back online with a new coronavirus web portal. However, Ganduglia had still found the “slow and sometimes unresponsive” as of this morning.

The Daily Swig has contacted INPS for comment.

YOU MIGHT ALSO LIKE Critical flaws in DrayTek Vigor routers patched following attacks