The French Football Federation (FFF) has publicly confirmed it fell victim to a significant cyber attack, resulting in the theft of personal data belonging to its members.
How the Football Data Breach Unfolded
The incident targeted a specific software platform used by football clubs across France for their day-to-day administrative duties, with a primary function of managing registered members. The FFF described the event as "a cyber-malicious act and a data theft." The breach was executed through a compromised user account, which provided the attackers with unauthorised access to the system.
Upon detecting the intrusion, the federation's technical teams moved swiftly to contain the threat. They immediately disabled the compromised account and reset all user-account passwords to secure the software and the data it contained. The FFF has since stated that the issue has been fully resolved.
Scope of the Attack and Official Response
While the FFF did not disclose the exact number of individuals affected, it confirmed that the stolen data was limited to personal information. This included details such as names, gender, nationality, and postal and email addresses. The federation has officially filed a legal complaint regarding the breach.
In a statement, the FFF reaffirmed its commitment to data security, noting it continuously works to strengthen its defences. The organisation stated it is dedicated to "protecting all the data entrusted to it" and adapts its security measures to counter the evolving landscape of cyber threats, a challenge faced by many modern organisations.
