- FFF breached via compromised account, exposing members’ personal data but not passwords or bank details
- Stolen PII includes names, birth information, contacts, and license numbers, enabling phishing risks
- FFF terminated access, alerted authorities, and continues to face repeated cyber attacks in recent years
The French Football Federation (FFF), the governing body of football in France, lost personally identifiable information (PII) about an as yet undisclosed number of members. The agency confirmed the news in a press release, saying data was lost in a cyber attack.
Earlier this morning, FFF said unnamed threat actors used a “compromised account” to access software it uses to perform administrative administration. It didn’t say what software it was or how the account was compromised, but we can assume it was either through phished credentials or via infostealer malware.
The attackers used their access to steal PII on FFF members, including full names, gender data, dates of birth, places of birth, nationality information, postal addresses, email addresses, phone numbers, and membership or license numbers.
Phishing warning
Although passwords and bank details were not taken, this is still enough data to target FFF members with tailored phishing emails through which this data can later be obtained. Therefore, the FFF warned all customers to be wary of incoming communications, especially those claiming to be from the organization.
“We recommend that you exercise the utmost vigilance regarding any suspicious or unusual communication you may receive (SMS, phone call, email, etc.) that appears to come from FFF, your club or another sender (eg inviting you to open an attachment or asking you to provide your account details, passwords or bank details),” the press release reads.
FFF said it terminated the compromised account, notified the relevant authorities, and added that it will also notify affected individuals.
The agency is a frequent target of cyber attacks. In March 2024, the FFF revealed that potentially around 1.5 million license records were compromised, and in February 2025 another breach occurred when attackers gained access to its license management system and stole personal data.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
