French Football Federation Data Breach via Compromised Account
The French Football Federation (FFF) suffered a significant cyberattack in which threat actors exploited a compromised user account to access the federation’s administrative management software. This breach resulted in the theft of sensitive personal data belonging to over two million registered amateur football players and club members, including names, dates and places of birth, nationalities, postal and email addresses, phone numbers, and football license numbers. Financial data and passwords were reportedly not affected. Upon discovering the breach on November 20, 2025, the FFF immediately deactivated the compromised account, reset all user passwords, and secured its systems.
The FFF has filed a formal complaint with French authorities and notified both the National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL). Affected individuals whose email addresses were exposed are being contacted directly, and the federation has urged all members to be vigilant against potential phishing attempts and scams leveraging the stolen data. This incident highlights the growing cyber risks faced by sports organizations and underscores the need for robust cybersecurity measures to protect large volumes of personal information managed by such entities.
Sources
Related Stories
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts
France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.
3 weeks ago
Olympique de Marseille Confirms Cyberattack Following Data Leak Claims
French football club **Olympique de Marseille (OM)** confirmed it was targeted by an *attempted* cyberattack after a threat actor claimed to have breached club systems and leaked a sample of allegedly stolen data on a hacking forum. The actor claims access to servers containing data on roughly **400,000 individuals**, including names, addresses, email addresses, and phone numbers, and also alleges theft of information tied to **~2,050 Drupal CMS accounts** (including staff and contributor/moderator accounts). OM said its technical teams and external specialist providers contained the incident quickly and that operations continue normally. The club stated **no banking details or passwords** were compromised, reported the matter to France’s data protection authority **CNIL**, and warned supporters to be alert for **phishing** attempts leveraging the incident. Reporting also noted the event in the context of a broader uptick in attacks against large organizations and referenced a prior breach affecting the French Football Federation.
2 weeks ago
French FICOBA Bank Account Registry Accessed Using Stolen Government Credentials
French authorities confirmed unauthorized access to **FICOBA**, the national registry of bank accounts, after an attacker used **stolen credentials belonging to a government official** to view records tied to roughly **1.2 million** accounts. Exposed data reportedly included account numbers and account-holder identity details (names, addresses, and in some cases tax identification numbers), while **balances and transaction histories were not accessed**; officials said the access was detected and blocked quickly and that affected individuals would be notified. A criminal complaint was filed and the incident was reported to **CNIL** (France’s data protection authority). Reporting also indicated the government described the incident as involving data “stolen” from the repository, though other accounts emphasized that access was interrupted before exfiltration could occur, leaving the precise extent of data removal unclear. The incident highlights the risk of credential compromise for privileged government access to sensitive financial registries and the downstream exposure of identity-linked banking metadata that can enable targeted fraud and social engineering even without transaction data.
3 weeks ago