The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs.
After detecting the unauthorized access, FFF’s security teamĀ disabled the compromised account and reset all user passwords across the system.
However, before they were detected and evicted from the breached systems, the threat actors stole personal and contact information from members of French football clubs.
“Upon detection of this unauthorized access through the use of a compromised account, the FFF services took the necessary steps to secure the software and data, including immediately disabling the account in question and resetting all user account passwords,” the FFF saidĀ [machine translation].
“This breach is limited to the following data only: name, surname, gender, date and place of birth, nationality, postal address, email address, telephone number and license number.”
As required under European data protection regulations, the organization has filed a criminal complaint and notified France’s National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL), the country’s data protection authority.
The FFF said it will directly notify all individuals whose email addresses appear in the compromised database and urged members to be suspicious of messages claiming to originate from the federation, their clubs, or other senders.
French football club members should be wary of any communications requesting that they open attachments or provide account credentials, passwords, or banking information.
“The FFF is committed to protecting all the data entrusted to it and is constantly strengthening and adapting its security measures in order to cope, like many other actors, with the increasing number and new forms of cyberattacks,” the FFF added.
A spokesperson for the French Football Federation (FFF) was not immediately available for comment when contacted by BleepingComputer earlier today.
Earlier this month, the French social security service for parents and home-based childcare providers (Pajemploi) also suffered a data breach that may have exposed personal information of approximately 1.2 million individuals.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.