The Ordine Avvocati di Roma leak indexed by leaksear.ch contains 39,134 records from the Lawyers Order of Rome, tied to a May 7, 2019 breach and including names, email addresses, phones, addresses, dates of birth, countries, usernames, and passwords (leaksear.ch metadata). Public reporting linked the incident to Anonymous Italia's claimed release of data connected to roughly 30,000 Roman lawyers, while Have I Been Pwned lists 42,000 unique addresses in the breach (roma.repubblica.it, haveibeenpwned.com).
What happened
La Repubblica reported on May 7, 2019 that Anonymous Italia said it had breached the certified email (PEC) mailboxes of 30,000 lawyers registered with the Rome Order, and that the group posted links to dumps online. The report said the Cnaipic unit of Italy's postal police was acquiring data and evidence, and that at that time no formal case file had been opened by prosecutors (roma.repubblica.it).
Have I Been Pwned states that data was taken from the breached system and redistributed online, and identifies compromised categories including contact information, email addresses, email messages, geographic locations, passwords, and phone numbers (haveibeenpwned.com).
Codacons, in a May 9, 2019 notice for affected lawyers, said the attack concerned the database of the certified-email provider for the Rome Order, Lextel S.p.A. with the Infocert service, and said the PEC mailboxes involved were blocked. leaksear.ch metadata does not identify the initial access vector, so that provider-specific attribution should be treated as a public Codacons claim rather than an independently indexed breach fact (codacons.it).
What data was exposed
According to leaksear.ch indexing metadata, searchable exposure fields include address, country, date of birth, email, name, password, phone, and username (leaksear.ch metadata).
Other stored context, not direct search pivots, includes bar order, bar registration number, birth place and province, enrollment date, fax, office and residence address details, tax code, website, request fields, and fields related to custodian, bankruptcy curator, and real estate execution assignments (leaksear.ch metadata). Have I Been Pwned additionally lists email messages among the compromised data categories (haveibeenpwned.com).
Why this matters
Because the dataset combines professional identity, contact details, legal-registration details, addresses, dates of birth, tax-code fields, and passwords, affected lawyers face risks beyond ordinary spam. Password exposure can enable account takeover where credentials were reused, and email or phone data can support convincing phishing that references the Order, PEC services, bar registration, or office details. Journalists and incident responders should also treat exposed email-message data as potentially sensitive client and professional correspondence, because HIBP and Italian reporting describe email messages or PEC mailboxes as part of the incident (haveibeenpwned.com, roma.repubblica.it). Anyone who was registered with the Rome Order around May 2019, or who communicated with an affected PEC mailbox, should check whether their identifiers appear in this leak and reset any reused passwords.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have access, to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, password, phone, and username.