Overview
- Attackers accessed the clubs’ administrative management software using a compromised account and exfiltrated member information.
- Following detection, the FFF disabled the affected account, enforced a system-wide password reset, and reported no evidence of financial data exposure.
- The exposed fields were limited to names, gender, date and place of birth, nationality, postal and email addresses, telephone numbers, and license numbers.
- The FFF filed a criminal complaint and notified France’s ANSSI and the data protection authority CNIL in line with GDPR obligations.
- The federation will directly notify impacted individuals and urges vigilance against phishing messages that request attachments, credentials, or banking details.