French Football Federation Data Breach via Compromised Account
The French Football Federation (FFF) suffered a significant cyberattack in which threat actors exploited a compromised user account to access the federation’s administrative management software. This breach resulted in the theft of sensitive personal data belonging to over two million registered amateur football players and club members, including names, dates and places of birth, nationalities, postal and email addresses, phone numbers, and football license numbers. Financial data and passwords were reportedly not affected. Upon discovering the breach on November 20, 2025, the FFF immediately deactivated the compromised account, reset all user passwords, and secured its systems.
The FFF has filed a formal complaint with French authorities and notified both the National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL). Affected individuals whose email addresses were exposed are being contacted directly, and the federation has urged all members to be vigilant against potential phishing attempts and scams leveraging the stolen data. This incident highlights the growing cyber risks faced by sports organizations and underscores the need for robust cybersecurity measures to protect large volumes of personal information managed by such entities.
Timeline
Dec 1, 2025
Further reporting links breach to club software data exposure
Subsequent coverage highlighted that the breach involved software used by football clubs, clarifying the attack path and scope of exposed data within the federation ecosystem. This added technical context to the previously disclosed incident.
Nov 28, 2025
FFF discloses member data breach after attack
FFF disclosed that the cyberattack resulted in the theft of member data, with reports stating attackers accessed personal information tied to federation members. The disclosure established that the incident was not only a service disruption but also a data breach.
Nov 28, 2025
French Football Federation suffers cyberattack on club software systems
The French Football Federation (FFF) was hit by a cyberattack affecting software used by clubs and federation operations. Multiple reports describe the incident as a major breach impacting federation-managed systems.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts
France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.
3 weeks ago
French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its `Compass` platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about **243,000 people**, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on **multi-factor authentication**, stronger data segmentation, and reduced application exposure. Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about **1.5 million people**. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves **"Ryolait"** allegedly offered the stolen database for sale starting at **$2,000**. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
1 months ago
Olympique de Marseille Confirms Cyberattack Following Data Leak Claims
French football club **Olympique de Marseille (OM)** confirmed it was targeted by an *attempted* cyberattack after a threat actor claimed to have breached club systems and leaked a sample of allegedly stolen data on a hacking forum. The actor claims access to servers containing data on roughly **400,000 individuals**, including names, addresses, email addresses, and phone numbers, and also alleges theft of information tied to **~2,050 Drupal CMS accounts** (including staff and contributor/moderator accounts). OM said its technical teams and external specialist providers contained the incident quickly and that operations continue normally. The club stated **no banking details or passwords** were compromised, reported the matter to France’s data protection authority **CNIL**, and warned supporters to be alert for **phishing** attempts leveraging the incident. Reporting also noted the event in the context of a broader uptick in attacks against large organizations and referenced a prior breach affecting the French Football Federation.
1 months ago