Cigarettes for €0.10 a pack? Italian shops hit by vending-machine hack attack

Italian tobacco associations estimate up to €250,000 in losses after hundreds of tobacco vending machines were the subject of a cyber-attack thought to be the work of anarchists.

The hack attack on the evening of 25th March targeted vending machines produced by the Italian company Laservideo. Internal documents show 12% of the firm’s machines were affected, with half of those dropping cigarette prices to €0.10 per pack.

The Italian Federation of Tobacconists (FIT) told TobaccoIntelligence between 500 and 1,000 machines were attacked in an episode that raises questions about the security of vending machines of all kinds.

Laservideo estimated that each machine affected lost about €250, though one experienced a loss of €2,300, while 36 others lost over €1,000 each.

Further losses were suffered through customers being unable to purchase tobacco products, though estimates are difficult to calculate.

Would-be customers were surprised to see an unusual greeting on machines’ monitors. Instead of steps for buying cigarettes, they were presented with an image featuring a group of grey figures resembling police and, in the centre, a man with a raised arm in red and a message reading, “Free Alfredo from 41bis”.


Subscribe to our Newsletter

Join in to hear about news, events, and podcasts in the sector

    See more

    Compensation offer


    Anarchist Alfredo Cospito, jailed in 2012 for a non-fatal gun attack on a nuclear energy boss, is currently on hunger strike in 41-bis, a solitary confinement “hard prison” intended for Mafia leaders.

    “As soon as our members notified us about the cyber attack, we sent notifications to our other members telling them to turn off their vending machines,” the FIT spokesperson said.

    Another tobacconists association, Assotabaccai, told TobaccoIntelligence that as far as they knew this was the first time cigarette vending machines had been targeted in this way. “Some of our members were able to detect the cyber attack on their own, while others were informed about it by their customers and friends,” they said.

    Laservideo clarified that the attacks did not target their servers. It appears that the hackers directly modified individual memory allocations on the distributor’s hard drives, specifically targeting machines in individual retail points.

    While the attack is still being investigated, and Laservideo has stated that it is not legally liable for the incident, it has offered compensation to affected tobacconists, covering the price paid by them for lost goods rather than what consumers would have paid under normal circumstances. It is currently unclear whether customs duties will have to be paid on the lost product and, if so, who will be responsible.

    Dario Sabaghi TobaccoIntelligence contributing writer

    Author default picture


    This article was written by one of TobaccoIntelligence’s international correspondents. We currently employ more than 40 reporters around the world to cover individual nicotine markets.

    Our Key Benefits

    The global novel nicotine market is in an opaque regulatory environment that requires professionals to be on top of industry developments to make informed decisions and optimise their strategy.

    TobaccoIntelligence provides organisations with leading market and regulatory data analysis to anticipate and understand market developments globally and the impact of regulatory changes to the business.

    • Stay informed of any legal and market change in the sector that impacts your organisation
    • Maximise resources by getting market and legal data analysis daily in one place
    • Make smart decisions by understanding how the regulatory and market landscape evolves
    • Anticipate risks in your decisions by monitoring regulatory changes that impact your organisation