Malware Attack


Here you can find detailed and regularly updated information resulting from the ongoing investigation on the ransomware attack which affected Campari Group following unauthorized access to its network.

Campari Group has been the victim of a targeted ransomware attack following unauthorized access to its network. After technical investigations, Campari Group is now able to report that some personal and business data have been compromised.

Campari Group offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted employees, customers, suppliers, business partners, as well as to its many stakeholders.

As there is an ongoing investigation in place, it is possible that new facts may come to light going forward.

Here below you will find a general summary of what has been confirmed at this date. You will also be able to retrieve the history of our previous communications on the matter and a FAQ section. On the bottom of the page are the contacts to refer to in case further information is needed.


Nov. 1 The malware attack incident is detected.

Nov. 2 The malware attack is promptly notified to the relevant data protection authorities as well as the Italian cyber police and the FBI.

Nov. 2 Press release: Temporary IT Outage

Nov. 6 Press release: Malware attack- data security update

Nov. 9 Press release: Malware attack: update on IT systems recovery
Nov. 18 Press release: Malware attack: update on IT systems recovery

Dec. 4 Press release: Malware attack- data security update

Potentially Compromised Personal and Business Data (exfiltrated, encrypted and/or accessed)

(i) corporate and/or personal data (mainly contact details including name, surname, address, e-mail, telephone numbers), business information and payment details of Campari Group customers, suppliers and other business partners – the estimated global number of active customers is 10,000 and of active suppliers is 8,500. There may be also contact details of journalists (name, surname, address, e-mail, telephone numbers in the range of 1,000) and curricula vitae of candidates;

(ii) personal data of employees and former employees including name, surname, personal address, e-mail address, job description, telephone numbers, payment details, compensation, performance evaluations, IDs, content of documents / files stored by such employees in network folders, content of outlook inbox – maximum global number is estimated in 6,000;

(iii) confidential business documents and information (such as contracts, analysis, presentations, accounting) - 2TB of exfiltrated data which content is not yet possible to determine as a result of the consequences of the attack.

Defensive Measures and Investigation

Campari Group is implementing all actions deemed appropriate at this stage to further protect its IT estate and, therefore, personal and business data stored therein (checking all servers and end users devices, further raising the IT estate security levels by hardening measures, Multi Factor Authentication Procedures to prevent unauthorized access, acceleration of transfer of IT estate to Cloud).

The investigation into information that has potentially been taken or compromised is continuing and we also are communicating with the data privacy authorities and collaborating with police forces.

Contact for Information and Support

For individuals who wish to inquire about personal information that has potentially been compromised or need support please contact our Group Data Protection Officer at


1) I’m a business partner/supplier/customer who can I contact to receive more information?
Campari Group has kept informed its stakeholders and has offered identity theft support where customary. For individuals who wish to inquire about personal information that has potentially been compromised or need support please contact our Group Data Protection Officer at

2) What are the potential consequences of the breach for data subjects?
Potential consequences of the breach resulting from loss of confidentiality are misuse of contact details, phishing attempts, unwanted contacts, fraud attempts (especially if personal IDs and passwords where stored in Campari Group shared folders), alteration of payment details and consequent payment errors by Campari Group or to Campari Group (e.g. change of IBAN codes).

3) What should I do if my personal data is potentially compromised?
Some simple security advice: do not respond to suspicious requests or messages (especially in relation to payments – such as change of payment details, or request for password or bank account information); do not open any link unless you are absolutely sure it comes from a reliable source.

4) Are your systems still unavailable? When do you expect them to be restored?
Peripheral or secondary services remain temporarily and / or deliberately suspended or operating with reduced functionality in multiple sites, waiting to be sanitized or rebuilt with the aim of restoring full operation in a fully secure way.

5) What is the impact on your production activities?
The recovery of IT systems is ongoing and progressing according to plans. Particularly, the manufacturing and logistics activities as well as the processing of sales orders across main markets have virtually entirely resumed and are regularly functioning.

6) Are you liaising with the authorities? How did you get organized for incident management?
The investigation is ongoing with support of legal, IT and cyber-security experts in full cooperation with data protection and police authorities, as and where legally necessary or appropriate.