This notice serves to inform you of a recent data security incident that may have involved some of your personal information. AP Valletta Ltd (‘AP Valletta’) is committed to safeguarding your data, and so we want to provide a transparent explanation of what occurred, what we’ve done in response, and how you can stay protected.
What Happened
On 18th July 2025, AP Valletta realised that a mailbox of one of our employees, responsible for issuing invoices to our customers, had been compromised as a result of a malicious phishing attack that had taken place some days earlier. All other parts of our IT infrastructure remained unaffected.
The perpetrator used the illegal access to our employee’s mailbox to send out emails to some of our customers, attempting to trick them into sending payments to their bank account rather than to ours. Some of our customers were rightly suspicious and reached out to us. AP Valletta immediately addressed the incident, ensuring that the perpetrator no longer has access to our mailbox.
It appears that the perpetrator had access to all content of the mailbox during this time. We can confirm that the personal data of our employees and customers, both past and present, could have been included in that mailbox.
Our investigation into the matter is ongoing, but at this stage it does not appear that any data were published online or elsewhere, though this cannot be excluded from occurring at some time in the future.
What Information Was Involved
The personal data that may have been accessed includes the following:
- Name, surname
- IBAN and similar bank details
- Physical address
- Email address
From our investigations, it appears that no financial information (e.g. credit card numbers) or identity documentation (e.g. copies of identity cards or passports) was involved in this incident.
What We Are Doing
We have taken immediate and ongoing steps to contain and address the incident, including:
- Changing the password of the compromised mailbox;
- Reaching out directly to those of our customers who were targeted as a result of this incident;
- Implementing increased monitoring and vigilance across our IT systems to detect and prevent any further suspicious activity;
- Immediately engaging outside legal counsel to assist us and advise us on the necessary procedural steps to be taken, and following their advice as we proceed with our internal investigation and remedial measures;
- Reporting the incident to the Maltese Information and Data Protection Commissioner in accordance with applicable data protection laws.
As stated above, at this time, we have not observed any further malicious activity within our systems or any evidence of data misuse, but we continue to monitor the situation closely.
What You Can Do
We recommend that you remain alert to any suspicious communications or activity. You may wish to:
- Monitor your email and accounts for phishing attempts or unusual activity.
- Be cautious about unsolicited communications that ask for personal information or that ask you to click on suspicious links, whether the sender is known to you or not.
- Consider contacting the relevant authorities if you suspect any misuse of data.
- Inform your family members or others, whom we might have no way of reaching and whose data might also have been affected if you had sent it to us, to also remain vigilant and follow the above steps.
If you have any questions or would like more information, please contact us at info@apvalletta.eu or at +356 2124 3981.
We understand that this incident may be concerning and want to reassure you that we are addressing it carefully and thoroughly. Data security is important to us, and we are taking steps to help reduce the risk of similar incidents in the future.
Thank you for your understanding,
The AP team