Subject: Notification of Data Security Incident pursuant to Article 34 of the GDPR

Everel Group S.p.A. ("Everel" or "Company") wishes to inform you that, unfortunately, due to unauthorized access to our systems, some personal data related to individuals who have had dealings with the Company, such as former employees or candidates who have submitted their resumes, may have been compromised.

Types of Data Involved

From the necessary investigations carried out to reconstruct the incident – which are still ongoing – we have ascertained that the incident mainly involved common personal data such as personal details (name, surname, date of birth, tax code), contact details (email, phone number), data contained in resumes, and data related to former employees archived for legally prescribed purposes.

Measures Taken and What You Can Do to Limit Potential Risks

Everel is constantly committed to protecting personal data and strengthening security measures to contain the possible consequences of the incident.

Additionally, all security measures aimed at preventing the recurrence of a similar incident have been promptly implemented (for example: i) restoring our systems thanks to backups; ii) notifying the incident to the police and competent authorities, and iii) preventing the incident from spreading to other IT systems by adopting additional security measures). In addition to the above, and despite our continuous commitment to ensuring adequate protection of personal data and information, we are continuing to monitor the online environment to identify any issues related to the incident.

However, cyber threats are constantly evolving, and communication and collaboration are now important tools for risk prevention. Therefore, we remind you to pay attention to any unusual circumstances when using your accounts. Among the best practices to minimize risks (such as identity theft or phishing), we suggest, for example:

  • Do not respond to emails or contact requests from unknown or unexpected recipients and do not click on links or open attachments in them, as they may be sources of virus dissemination and information theft from your devices.
  • Never provide personal data or access codes via phone, SMS, WhatsApp, or other communication tools, even if the requester claims to be an employee of your bank or your internet, electricity, or gas provider. Scammers often try to create a confidential channel by showing that they already know a lot of information about you, but this does not mean they are authorized individuals. A bank or service provider will never ask for your data or access passwords.
  • Change your access passwords for the services you use regularly, especially if you use the same password for multiple platforms. It is good practice to choose complex passwords with a sufficient number of characters (at least eight), composed of letters, numbers, and punctuation marks, and not directly related to you (e.g., your home address or date of birth). Additionally, it is good practice to have a complex password for each platform or service and activate two-factor authentication where possible.

Furthermore, if you believe you have received a suspicious communication or contact, we invite you to report it to the company contacts listed below and to the police.

Finally, we invite you to consult the guide prepared by the Data Protection Authority, published at the following URL: https://www.garanteprivacy.it/temi/cybersecurity/phishing.


Subject: Notification of Data Security Incident - note for suppliers/customers

Everel Group S.p.A. (“Everel”) wishes to inform you that, unfortunately, we have recently suffered a ransomware cyberattack, which resulted in unauthorized access to our systems and the possible exfiltration of some information.

Measures taken and what you can do to limit potential risks

Everel is constantly committed to protecting personal data and strengthening security measures to contain the possible consequences of the incident. Additionally, all security measures aimed at preventing the recurrence of such an incident have been promptly implemented (for example: i) restoring our systems thanks to backups; ii) notifying the incident to law enforcement and competent authorities, and iii) preventing the propagation of the incident to other IT systems by adopting additional security measures).

In particular, Everel has:

  • Restored and rebuilt all machines affected by the ransomware, as well as the entire corporate access management environment (Active Directory) to ensure service continuity and limit the possible impacts that an interruption could have on the affected parties. Similarly, all virtual servers have been restored to the earliest possible date before the data breach, thanks to backups.
  • Our cybersecurity partner has reset the passwords of active users.
  • The firmware of network devices has been updated to ensure the presence of all the latest security patches.
  • A policy of raising employee awareness for password changes and credential management has been adopted.
  • A weekly IT assessment program has been adopted instead of a monthly one (in addition to the real-time automatic one provided 24/7 by our cybersecurity company)

In addition to the above, and despite our ongoing commitment to ensuring adequate protection of personal data and information, we continue to monitor the online environment to identify any issues related to the incident.

However, cyber threats are constantly evolving, and communication and collaboration are now an important tool for risk prevention. For this reason, we are sending you this notification.


How to Contact Us

For any questions, you can contact us directly at the email address: privacy@everelgroup.com.

In case of updates, we will communicate them in the same manner as this notification.


magnifiercross linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram