What Happened
In the Pentadiet data breach, a threat actor announced on an underground forum the exfiltration of a database containing sensitive personal data from Pentadiet, an Italian health and wellness company specializing in ketogenic diet programs and medical nutrition services under the Named Group, compromising 137,409 unique users primarily in Italy. The incident, reported in late 2025, exposed personally identifiable information (PII) and internal medical identifiers, including full names, email addresses, fiscal codes (Codice Fiscale), mobile and landline phone numbers, physical addresses (city, region, zip code), internal medical IDs (Codice arca, Informatore Medico, Doctor ID), and user status (patient or practitioner). This has prompted investigations into potential class action lawsuits due to the breach’s impact on user privacy and security.
