"The FFF said it immediately disabled the rogue account and reset passwords for every user on the platform, applying the infosec equivalent of subbing off the entire squad for a fresh line-up. The federation also secured the software and underlying data to block any further lateral plays by the intruders, temporarily disrupting access but keeping the incident from escalating. The stolen data included first and last names, gender, date and place of birth, nationality, postal address, email address, phone number, and license number, the federation said."
"No banking information or national identity numbers were involved. The FFF didn't disclose how many individuals were affected, but the federation has more than 2.2 million members across approximately 18,000 clubs, according to its own data. The FFF has filed a criminal complaint and has formally informed France's cybersecurity agency, ANSSI, and the data protection watchdog, CNIL. It also says it's lacing up its security boots after the breach "to cope, like many other actors, with the increasing number and new forms of cyberattacks.""
Attackers accessed the French Football Federation's member-management software via a compromised account, triggering detection of an unauthorized login. The federation disabled the compromised account, reset all platform passwords, and secured the software and underlying data to prevent further lateral access, temporarily disrupting user access. Exposed fields included names, gender, date and place of birth, nationality, postal and email addresses, phone numbers, and license numbers; no banking or national identity numbers were involved. The federation has more than 2.2 million members but did not disclose how many were affected. A criminal complaint was filed and ANSSI and CNIL were notified; affected email holders will be informed and urged to exercise caution.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]