The Milan prosecutor’s office has uncovered one of the biggest cyber-surveillance scandals in Europe: an organisation that allegedly accessed Italy’s national databases such as the police’s SDI (Sistema di Indagine) system and traded information on behalf of companies, consultants and politicians.

According to Politico, at the center is Equalize srl, founded by former carabiniere Carmine Gallo and working with Mercury Advisors, a strategic communications firm with links to businessman Enrico Pazzali, former head of Milan’s exhibition centre (Fondazione Fiera Milano).

Authorities believe Gallo and his close associate Nunzio Samuele Calamucci were the masterminds of the operation. Through illegal access, the network obtained hundreds of thousands of files – including financial, tax and medical data of public figures. This information was later sold to third parties for the purpose of either extortion or political manipulation.

How the network operated

The group allegedly operated as a “private intelligence agency“. Through insider contacts in security bodies and public agencies, those involved obtained access codes to government systems. There they would locate and export files on selected individuals – politicians, journalists, businessmen – which they would then “package” into reports in the form of “advisory reports” for companies and lobbyists.

Investigations uncovered conversations in which Calamucci says he has a “hard drive with 800,000 SDI files”, while prosecutors seized servers with sensitive data from Equalize’s offices.

The ring’s clients included, according to Italian media, public relations firms, financial advisers and political figures seeking “targeted information” on opponents or associates.

Political implications and involvement of businessmen

The case touches high circles of the Italian economy. Enrico Pazzali, who until recently held public roles in Milan and participated in the city’s development committees, appears to have worked professionally with Equalize figures through Mercury Advisors. Although he denies any involvement, investigators are looking into whether his services were used for “operational cover” for the network.

Politico notes that the case raises “serious questions about transparency in the political communications industry in Italy”, as lobbying firms appear to have used data obtained through illegal access.

The charges and next steps

Those arrested face serious charges:

assembling and participating in a criminal organization, unlawful access to computer systems, leakage of confidential data, information trafficking and extortion.

The Milan prosecutor’s office has already requested the cooperation of the Italian intelligence agency (AISI) to investigate whether some of the data was moved outside Italy. The interior ministry has also carried out a parallel security check of all national databases, following indications that the breach may have lasted more than three years.

Italian authorities have described the case as a “threat to democracy and confidence in state institutions”. The revelation of an organised cyber espionage apparatus, with links to former police officers and communications companies, has caused a political earthquake in Milan – and fears that similar practices may have been used at the European level.