The French Football Federation (FFF), the largest sports federation in France with 2.3 million members, was the victim of a cyberattack resulting in the theft of personal data. “The FFF learned on March 22 that potentially 1.5 million data from its licensees had been collected”indicated the Paris prosecutor's office.
A message published on the darkweb
Last week, a hacker using the pseudonym Chris posted a message on a darkweb forum specializing in data leaks. He then claimed to have stolen the data of several million professional and amateur FFF players. According to the hacker, this data would include names, telephone numbers, dates of birth, email addresses, transfer requests and the leagues and clubs to which the licensees are attached. The modus operandi of the data theft is unknown, and the hacker's responsibility in this cyberattack has not yet been established.
Advertisement
According to the authorities, only data concerning FFF licensees for the 2022-2023 and 2023-2024 seasons are concerned. However, banking data, passwords, medical data and identity photographs would not have been exposed. “The potential consequences of this case concern the different forms of phishing, attempted scams or identity theft of which the people affected by this incident could be victims”warned the Cybermalveillance.gouv.fr platform, in a press release published Tuesday.
Setting up an online complaint form
After being alerted by its security service provider, the FFF contacted the CNIL and filed a complaint. A preliminary investigation was opened at the Anti-Cybercrime Brigade (BL2C) of the Judicial Police Department of the Paris police headquarters. The offenses are as follows: attacks on automated data processing systems, fraudulent collection of personal data and concealment of property resulting from a crime.
A online complaint letter form has been set up on the portal demarches-simplifiees.fr. The Cybermalveillance platform calls “to be particularly vigilant regarding any telephone call or message (email, SMS), which could use (the) compromised personal data in order to make a targeted scam or phishing attempt credible”.
Sports organizations are often targets of hackers because they store a lot of personal data about their members. In October 2023, ASVEL, a Lyon-Villeurbanne basketball club owned by Tony Parker, was hit by a cyberattack. The latter was then claimed by the NoEscape ransomware gang, which claimed to have stolen 32 gigabytes of data.
Advertisement
Selected for you