Italy’s Bologna FC confirms a recent cybersecurity incident after the notorious RansomHub ransomware group posted its alleged data publicly.
This Italian football club impacted by the leak warns the public that downloading or redistributing the leaked material is a significant criminal offence. Bologna FC 1909 S.p.a.’s recent announcement about a ransomware cyber-attack targeting its internal security systems confirmed the incident.
In addition, management confirmed that the malicious incident resulted in data loss and allegedly became available online. However, the organisation warned the public that acquiring such data, illegal publication, and repossession may result in a significant criminal violation.
The RansomHub cyber extortion group claimed responsibility for the ransomware attack on Bologna FC.
The RansomHub ransomware group claimed responsibility for the data breach incident against Bologna FC last month. However, the worst part of the incident was that the threat actors argued that the football club’s management had declined their demands, which could have protected the confidential information of its players and sponsors.
As a result, the group stated they would reveal all medical, personal, and confidential information on all club players within a couple of days. Additionally, the threat actors allegedly extended Bologna’s ransom payment date to avoid the publication deadline.
However, they have now uploaded the stolen dataset on the dark web. The database includes sponsorship agreements and sponsor details, complete financial data from the club’s history, personal and private player information, transfer strategies for new and young players, and fan and employee data.
Furthermore, critical information is included in the exposed dataset, such as data about youthful athletes, medical records, constructions and stadiums, and commercial strategies and business plans.
These threat actors also reportedly wanted to blackmail the Italian football team by citing examples of how leaked information forced other teams to pay hefty fines for various infractions and use GDPR as leverage.
The individuals potentially impacted by this data leak incident should be extra cautious with their digital presence. Some malicious tactics that may occur immediately against the affected people are targeted phishing attacks and social engineering campaigns. Hence, extra vigilance is required to avoid falling victim to these operations.