The French Football Federation (FFF) announced on Tuesday March 26 that it had been the victim of a cyberattack which threatened the data of more than a million of its licensees. “The FFF learned on March 22 that potentially 1.5 million data from its licensees had been collected,” the Paris prosecutor’s office told RTL, confirming the information from Le Parisien and the specialized site Zataz.
The personal data concerned are surnames, first names, postal addresses, emails, ages as well as licensees’ clubs. The personal data of professional players, however, is not in danger.
A preliminary investigation has been opened
“Only data relating to license applications for the 2022-2023 and 2023-2024 seasons are likely to be affected. Passwords, bank details, medical data and identity photographs are, however, not affected,” indicates the Cybermalveillance site in a press release. It also specifies that “the FFF will individually inform all people affected by this personal data violation. The FFF also filed a complaint and reported the incident to the CNIL.
A preliminary investigation was opened by the Brigade for the Fight Against Cybercrime (BL2C) for introduction, access and maintenance in an automated data system. The main risk for these millions of victims is seeing their personal data resold. An online complaint form has been made available to victims by the authorities.
While the identity of the hackers remains unknown, an individual using the pseudonym Chris Fellenberg claimed responsibility for the action on an online forum and on the Telegram messaging platform on March 25. The modus operandi of the hack has not been determined.
