Members of the French Football Federation, the country's football governing body catering to over 2.2 million individuals, had their information exposed following the breach of administrative management software used by football clubs, according to The Register
Unauthorized system account associated with a breached account allowed the theft of individuals' names, gender, birthdates, birthplaces, nationalities, phone numbers, email addresses, postal addresses, and license numbers, but not their national identity numbers or banking details, said the FFF. More details on the number of impacted members were not provided but the FFF emphasized that immediate action was taken to deactivate the compromised account and implement password resets for all users.
Additional software security measures have also been implemented in the wake of the intrusion, noted the FFF, which has already notified ANSSI and CNIL, the country's cybersecurity agency and data protection watchdog, respectively. Affected members have also been warned about suspicious messages claiming to be from the FFF after the attack.
Source: https://www.scworld.com/brief/data-breach-compromises-french-football-federation
DFB cybersecurity rating report: https://www.rankiteo.com/company/deutscher-fussball-bund
"id": "DEU1764707176",
"linkid": "deutscher-fussball-bund",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Sports/Recreation',
'location': 'France',
'name': 'French Football Federation (FFF)',
'size': 'Over 2.2 million members',
'type': 'Sports Governing Body'}],
'attack_vector': 'Compromised account',
'customer_advisories': 'Affected members warned about suspicious '
'messages claiming to be from the FFF',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Names, '
'gender, '
'birthdates, '
'birthplaces, '
'nationalities, '
'phone '
'numbers, '
'email '
'addresses, '
'postal '
'addresses, '
'license '
'numbers',
'sensitivity_of_data': 'High (names, birthdates, '
'contact details, license '
'numbers)',
'type_of_data_compromised': 'Personal '
'Identifiable '
'Information (PII)'},
'description': 'Members of the French Football Federation had '
'their information exposed following the breach '
'of administrative management software used by '
'football clubs. Unauthorized access via a '
'compromised account led to the theft of personal '
'data, including names, gender, birthdates, '
'birthplaces, nationalities, phone numbers, email '
'addresses, postal addresses, and license '
'numbers.',
'impact': {'brand_reputation_impact': 'Potential impact due to '
'data exposure and '
'warnings about suspicious '
'messages',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information (names, '
'gender, birthdates, birthplaces, '
'nationalities, phone numbers, '
'email addresses, postal '
'addresses, license numbers)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (exposure of PII)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'None (banking details '
'not exposed)',
'revenue_loss': None,
'systems_affected': 'Administrative management '
'software used by football clubs'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Compromised '
'administrative account',
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': 'Deactivated '
'compromised '
'account, '
'password '
'resets, '
'additional '
'security '
'measures',
'root_causes': 'Compromised account '
'leading to '
'unauthorized access'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'The Register',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': 'Potential '
'GDPR '
'violation '
'(data '
'protection)',
'regulatory_notifications': 'Notified '
'ANSSI '
'(cybersecurity '
'agency) '
'and CNIL '
'(data '
'protection '
'watchdog)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notified affected '
'members and warned about '
'suspicious messages',
'containment_measures': 'Deactivated compromised '
'account, password resets '
'for all users',
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'Additional software '
'security measures '
'implemented',
'third_party_assistance': None},
'title': 'French Football Federation Data Breach',
'type': 'Data Breach'}}