Bologna Football Club 1909 has disclosed that it fell victim to a ransomware attack, following the RansomHub extortion gang’s publication of stolen data online.
In an official statement, the club confirmed: “Bologna FC 1909 S.p.a. would like to communicate that a ransomware cyber attack recently targeted its internal security systems. The crime resulted in the theft of company data which may appear online. Please be warned that it is a serious criminal offence to be in possession of such data or facilitate its publication or diffusion.”
RansomHub Claims Theft of Sensitive Data
The announcement comes shortly after the RansomHub ransomware group claimed responsibility for the attack. The group alleges that it exfiltrated 200GB of data, including:
- Financial documents
- Player medical records
- Personal information of customers and staff
- Business plans
RansomHub has issued multiple threats to Bologna FC, asserting that the leaked data could expose the club’s violations of European data protection regulations and other football-related compliance requirements set by FIFA and UEFA.
Rising Cyber Threats in Football and Sports Organizations
Football clubs and sports organizations have become frequent targets for financially motivated cybercriminals.
- In 2022, the Dutch football governing body was hacked by the now-defunct LockBit ransomware group, which reportedly paid a ransom to secure sensitive data belonging to over 1.2 million employees and members.
- A Premier League club fell victim to a business email compromise attack, where hackers infiltrated a team director’s email during a trade deal and nearly transferred $1.2 million into fraudulent accounts.
- In 2018, an Italian Serie A club lost more than $1.75 million after hackers compromised a club official’s email and intercepted payments from a streaming service provider. Spanish authorities later arrested 11 individuals connected to the scheme in Barcelona.
Cybersecurity Risks in Professional Sports
In 2020, the United Kingdom's National Cyber Security Centre (NCSC) highlighted the growing risk of cyberattacks on sports organizations. A notable incident involved a ransomware attack on a Premier League team that:
- Severely disrupted its corporate systems
- Paralyzed the turnstile system
- Nearly led to the cancellation of a scheduled game
The Need for Strengthened Security
The attack on Bologna FC underscores the urgent need for sports organizations to bolster their cybersecurity defenses. Financially motivated attacks continue to target sensitive information, posing risks not only to the organizations themselves but also to their players, staff, and fans.
As investigations into the Bologna FC incident continue, the club’s response and future security measures will be closely watched by both cybersecurity experts and the football community. Maintaining robust digital defenses is now a critical requirement for ensuring the integrity and continuity of operations in the world of professional sports.