Italian football giant Bologna FC 1909 has confirmed a significant ransomware attack orchestrated by the RansomHub extortion group. The attack, reported on November 19, 2024, resulted in a substantial data breach affecting multiple aspects of the club’s operations.
The compromised data encompasses sensitive information including financial records, player medical files, confidential sponsorship agreements, transfer strategies, and personal data of fans and employees. Additionally, stadium infrastructure details and business plans were among the stolen information.
The incident unfolded in stages, beginning with an initial breach and ransom demand, followed by an extension period for payment. After the club’s non-compliance with ransom demands, the attackers published the complete dataset on the dark web.
While ransomware attacks on sports organizations are uncommon, similar incidents have targeted other prominent teams like ASVEL (French basketball) and the San Francisco 49ers (NFL). The attack raises serious legal concerns, particularly regarding GDPR compliance, and the club has issued strict warnings against downloading or sharing the stolen data, as such actions constitute criminal offenses.
The breach underscores the critical need for enhanced cybersecurity measures within major sports organizations to protect sensitive data and maintain operational integrity.