New day, new data hacking announcement. After France Work Recently, this time it was the French Football Federation (FFF) which was the victim of a cyberattack.
France seems to be facing waves of massive hacking. Since the beginning of 2024, two third-party payment specialists have seen their data stolen, then it was the turn of France Travail and its gargantuan leak and now it is the French Football Federation which has been targeted by a malicious hacker .
No leak of bank details
As Le Parisien learned, the famous association would have seen data belonging to 1.5 million of its licensees being sucked in following a hack that took place around March 22. This would more specifically concern data from 2022-2023 and 2023-2024 licensees.
As is often the case, personal and sensitive data were collected, namely: name, first name, date and place of birth, nationality, email and postal address, telephone and license number and club of attachment. For minors, the identity of the legal representative would also have been recovered by the hacker(s). Information confirmed by the Cybermalveillance.gouv.fr service which nevertheless specifies that “thePasswords, bank details, medical data and identity photographs are, however, not affected.»
As is customary, the FFF notified the CNIL, filed a complaint with the Cybercrime Brigade and sent a press release to licensees as well as clubs, leagues and districts. A complaint letter form for “breaches of automated data processing systems, fraudulent collection of personal data and concealment of property resulting from a crime» was made available by the Paris Judicial Police Department. The federation now claims to have closed the breach used to infiltrate its systems.
A flaw already discovered in 2023
The specialized site Zataz, which was one of the first to discover the hack, claims to have already alerted the FFF in 2023 of a vulnerability in one of its programming interfaces which allowed anyone to consult data on different clubs, matches, referees and even personal data. The association then quickly plugged the breach.
As usual with this type of leak, the CNIL advises being particularly attentive to phishing and identity theft attempts that could take place in the coming weeks.
Source: Le Parisien, Zataz
0