Article Details

French Football Federation discloses data breach after cyberattack. The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. After detecting the unauthorized access, FFF's security team disabled the compromised account and reset all user passwords across the system. However, before they were detected and evicted from the breached systems, the threat actors stole personal and contact information from members of French football clubs. "Upon detection of this unauthorized access through the use of a compromised account, the FFF services took the necessary steps to secure the software and data, including immediately disabling the account in question and resetting all user account passwords," the FFF said [machine translation]. "This breach is limited to the following data only: name, surname, gender, date and place of birth, nationality, postal address, email address, telephone number and license number." As required under European data protection regulations, the organization has filed a criminal complaint and notified France's National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL), the country's data protection authority. The FFF said it will directly notify all individuals whose email addresses appear in the compromised database and urged members to be suspicious of messages claiming to originate from the federation, their clubs, or other senders. French football club members should be wary of any communications requesting that they open attachments or provide account credentials, passwords, or banking information. "The FFF is committed to protecting all the data entrusted to it and is constantly strengthening and adapting its security measures in order to cope, like many other actors, with the increasing number and new forms of cyberattacks," the FFF added. A spokesperson for the French Football Federation (FFF) was not immediately available for comment when contacted by BleepingComputer earlier today. Earlier this month, the French social security service for parents and home-based childcare providers (Pajemploi) also suffered a data breach that may have exposed personal information of approximately 1.2 million individuals. The 2026 CISO Budget Benchmark It's budget season! Over 300 CISOs and security leaders have shared how they're planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026. Learn how top leaders are turning investment into measurable impact.