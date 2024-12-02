One of Italy’s oldest football clubs has become the latest victim of a ransomware attack involving data theft, it has revealed.

Bologna FC, which was one of the founding members of Serie A, shared the news in a brief statement on Friday.

“Bologna FC 1909 S.p.a. would like to communicate that a ransomware cyber-attack recently targeted its internal security systems,” it noted. “The crime resulted in the theft of company data which may appear online. Please be warned that it is a serious criminal offence to be in possession of such data or facilitate its publication or diffusion.”

Earlier last week, screenshots posted to X (formerly Twitter) suggested the RansomHub gang was behind the breach.

Its leak site listing claimed that the group, or one of its affiliates, obtained 200GB of stolen data including:

Sponsorship contracts and documents including confidential details

Financial data spanning the club’s entire history

Personal and confidential data on players, fans and employees

Information on transfer strategies, including plans for new and young players

Medical records of players and staff

Confidential data related to stadiums and other buildings

Commercial strategies and business plans

In a classic ploy, the RansomHub affiliate tried to turn the pressure up on Bologna FC by claiming it had violated the GDPR due to poor security posture, and that some of the documents it stole could land the club in legal hot water with FIFA/UEFA.

“Bologna FC was hacked due to a lack of security on their network. All confidential data has been stolen. Bologna FC is violating GDPR laws and disclosing all internal club documents,” the leak site statement read.