French Football Federation Hit by Cyberattack, Data Breached
▼ Summary
– The French Football Federation experienced a data breach where attackers used a compromised account to access administrative software used by football clubs.
– FFF’s security team disabled the compromised account and reset all user passwords after detecting the unauthorized access.
– Attackers stole personal information including names, contact details, and license numbers from French football club members before being detected.
– The FFF has filed a criminal complaint and notified French cybersecurity and data protection authorities as required by European regulations.
– The federation will directly notify affected individuals and warned members to be suspicious of messages requesting personal or financial information.
The French Football Federation (FFF) has confirmed a significant cybersecurity incident, revealing that unauthorized individuals accessed its administrative management software. This breach occurred after attackers successfully compromised a user account, gaining entry to the system used by football clubs across the country. Upon discovering the intrusion, the FFF’s security team acted swiftly to neutralize the threat by disabling the affected account and forcing a system-wide password reset for all users.
Despite these rapid containment efforts, the cybercriminals managed to exfiltrate a substantial amount of personal data belonging to members of French football clubs before their access was cut off. The stolen information includes names, surnames, gender, dates and places of birth, nationality, postal addresses, email addresses, telephone numbers, and license numbers. Importantly, the federation has clarified that no financial data or passwords were part of the compromised dataset.
In compliance with the General Data Protection Regulation (GDPR), the FFF has formally lodged a criminal complaint and alerted key French authorities. These include the National Cybersecurity Agency (ANSSI) and the data protection watchdog, the National Commission on Informatics and Liberty (CNIL). The organization is taking these mandatory steps to ensure full regulatory transparency and to cooperate with official investigations into the attack.
The federation plans to directly contact every individual whose email address was exposed in the breach. It is also issuing a strong warning to all members to exercise heightened caution with their communications. People should be particularly suspicious of any messages that appear to come from the FFF, their local clubs, or other unknown senders. Club members are strongly advised to avoid opening unexpected attachments or disclosing any login credentials, passwords, or banking details in response to unsolicited emails or messages.
In an official statement, the FFF emphasized its ongoing commitment to data security, noting that it continuously works to enhance and adapt its protective measures. This effort is part of a broader strategy to defend against the rising volume and sophistication of cyber threats faced by organizations worldwide. A representative from the French Football Federation was not immediately available to provide further commentary when reached earlier today.
This incident follows another recent cybersecurity event in France, where the Pajemploi social security service for parents and childcare providers experienced a data breach. That earlier attack potentially exposed the personal information of up to 1.2 million people, highlighting a concerning trend of cyber targeting against major national institutions.
(Source: Bleeping Computer)
