Olympique de Marseille Confirms Cyberattack Following Data Leak Claims
French football club Olympique de Marseille (OM) confirmed it was targeted by an attempted cyberattack after a threat actor claimed to have breached club systems and leaked a sample of allegedly stolen data on a hacking forum. The actor claims access to servers containing data on roughly 400,000 individuals, including names, addresses, email addresses, and phone numbers, and also alleges theft of information tied to ~2,050 Drupal CMS accounts (including staff and contributor/moderator accounts).
OM said its technical teams and external specialist providers contained the incident quickly and that operations continue normally. The club stated no banking details or passwords were compromised, reported the matter to France’s data protection authority CNIL, and warned supporters to be alert for phishing attempts leveraging the incident. Reporting also noted the event in the context of a broader uptick in attacks against large organizations and referenced a prior breach affecting the French Football Federation.
Related Entities
Sources
Related Stories
French Football Federation Data Breach via Compromised Account
The French Football Federation (FFF) suffered a significant cyberattack in which threat actors exploited a compromised user account to access the federation’s administrative management software. This breach resulted in the theft of sensitive personal data belonging to over two million registered amateur football players and club members, including names, dates and places of birth, nationalities, postal and email addresses, phone numbers, and football license numbers. Financial data and passwords were reportedly not affected. Upon discovering the breach on November 20, 2025, the FFF immediately deactivated the compromised account, reset all user passwords, and secured its systems. The FFF has filed a formal complaint with French authorities and notified both the National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL). Affected individuals whose email addresses were exposed are being contacted directly, and the federation has urged all members to be vigilant against potential phishing attempts and scams leveraging the stolen data. This incident highlights the growing cyber risks faced by sports organizations and underscores the need for robust cybersecurity measures to protect large volumes of personal information managed by such entities.
3 months agoCyberattack on French Interior Ministry Email Servers
The French Interior Ministry confirmed a cyberattack that compromised its email servers, allowing attackers to access certain document files. In response, the ministry implemented enhanced security protocols and access controls, while an investigation was launched to determine the origin and scope of the breach. Authorities have not yet confirmed whether any data was stolen, and are considering multiple possible motives, including foreign interference, hacktivism, or cybercrime. The Interior Ministry, which oversees police, internal security, and immigration, is considered a high-value target for both state-sponsored and criminal actors. The incident was reported in several news roundups, highlighting its significance within the broader context of European cybersecurity threats. While attribution has not been established for this specific attack, previous campaigns against French government entities have been linked to Russian state-sponsored groups such as APT28. The breach underscores ongoing concerns about the vulnerability of critical government infrastructure to sophisticated cyber threats and the need for robust incident response and investigation procedures.
3 months ago
Data exposures tied to third-party access and credential misuse in Ukraine and France
Ukraine’s National Bank (NBU) took its **collectible coin/numismatic online store** offline after a cyberattack against a supporting **contractor** potentially exposed customer registration data (names, phone numbers, emails, and delivery addresses). The NBU said **core banking systems were not affected** and **no payment card or banking data** was compromised, but warned the exposed PII could be leveraged for **phishing** and other follow-on fraud; the incident was described as consistent with a **supply-chain** intrusion path. In France, authorities disclosed illegal access to a portion of the **National Bank Accounts File (FICOBA)**—a government database used for tax, customs, and law-enforcement purposes—after an attacker **impersonated a civil servant** and used valid credentials to query data. Officials said up to **1.2 million accounts** may have been impacted, with exposed fields potentially including account numbers, names, addresses, and in some cases tax identifiers; **DGFiP**, supported by **ANSSI**, is investigating and notifying affected individuals while banks were alerted to heighten fraud/phishing monitoring. Separately, **Safran Group** denied being cyberattacked, stating that a leaked dataset containing “non-strategic” order/customer details was **inadvertently exposed via a third-party provider**, with external analysis suggesting the compromise occurred elsewhere in the supply chain rather than within Safran’s own systems.
3 weeks ago