Millions of amateur football players in France may have seen their personal data exposed after the French Football Federation (FFF) suffered a cyber-attack.
In a statement published on November 26, the FFF said it detected unauthorized access to the software platform used by all licensed football clubs in the country to manage administrative tasks, including registering their players with the federation.
The exposed data includes:
- Names
- Genders
- Dates of birth
- Birth locations
- Nationalities
- Postal addresses
- Email addresses
- Phone numbers
- Football license ID number
The FFF believes the intrusion occurred on November 20.
“As soon as the FFF services detected this unauthorized access via a compromised account, they took the necessary steps to secure the software and data, including immediately deactivating the affected account and resetting all user account passwords,” the statement said.
The FFF filed a complaint with the French authorities and notified the French Data Protection Agency (CNIL) and the French Cybersecurity Agency (ANSSI).
It also plans to inform every affected individual whose email address was in the compromised database.
The federation urged all football license holders in France to stay vigilant against phishing scams following the incidents, with SMS and emails purportedly coming from the federation or their football club that could be used in scams.
The FFF reported a record number of over 2.3 million football license holders in the country for the season 2023-2024, according to the latest figures that are publicly available.
This cyber-attack comes three weeks after the French Shooting Federation experienced a similar attack.
Photo credits: HJBC / Shutterstock