The French Football Federation (FFF) disclosed a cyberattack that breached the Footclubs software, exposing members’ personal and contact information after attackers gained access through a compromised administrative account.

The breach specifically affected license and administrative data managed by Footclubs, with unauthorized access to various personal details of club members.

In response, the FFF disabled the compromised account, reset all user passwords, and notified authorities to comply with European data protection rules.

Immediate security actions also included securing the software and addressing the incident promptly, while promising further security enhancements.

The federation filed a criminal complaint and alerted France’s ANSSI and CNIL, with plans to inform affected individuals directly about suspicious communications.

Authorities were alerted, and a police complaint was filed; affected members will be notified if their email was in the compromised database.

Initial analysis indicates only personal identification and contact data were exposed—names, birth details, nationality, postal and email addresses, phone numbers, and license numbers—with no banking or password data compromised.

The breach did not appear to involve banking or password data, focusing on PII such as names, dates of birth, addresses, and license numbers.

The incident disrupted Footclubs access for thousands of players, coaches, and officials, with access restored for many users ahead of the public notice.

The event adds to a pattern of cybersecurity challenges for sports bodies and similar organizations, underscoring the need for strengthened defenses and rapid incident response.

The FFF emphasized ongoing security improvements and warned about impersonation attempts in phishing messages that claim to originate from the federation or its clubs.

Security guidance and best practices for integrating AI-enabled workflows, like Model Context Protocol (MCP) with LLMs, were noted as part of broader proactive security measures.