Ransomware: spacebears claims BASE SPA (IT) — Business Services
BREACH. Sourced from ransomwarelive, summarised by Matproof.
AI Analysis
What changed and what to do.
A new ransomware incident has been publicly reported involving the Italian business services company BASE SPA. The attack was claimed by the threat group known as Spacebears and published on the ransomware.live leak site on 26 May 2026. This event triggers notification obligations under the EU’s General Data Protection Regulation and potentially the NIS2 Directive, as it involves a confirmed data breach affecting a service provider operating in a critical sector.
Organizations in the business services sector, particularly those with EU operations or clients, are directly affected. Any entity that shares data with BASE SPA or relies on its services should assess whether their own data has been compromised. Additionally, regulators in Italy and other member states may initiate cross-border investigations, so all companies in the supply chain should review their contractual data processing agreements and incident response plans.
Compliance teams should immediately verify whether any personal or sensitive data processed by BASE SPA is involved, and if so, prepare breach notifications to the relevant supervisory authority within 72 hours. They should also update their vendor risk assessments, ensure that business continuity and data recovery plans are tested, and monitor the ransomware.live site for any further disclosures. Finally, teams should document all actions taken for audit and regulatory review.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.