The French Football Federation has confirmed that it experienced a cyberattack that exposed personal information belonging to registered members. The breach affected software used by clubs across France to manage player and staff registrations. According to the federation, an attacker gained access through a compromised account and retrieved data stored in the system. The federation said that the affected software is used widely across national and local clubs, which increases the potential scale of the exposure.
Once the breach was detected, the federation removed access to the compromised account and reset passwords for all users. It also filed a formal complaint and informed the national authority responsible for data protection. The federation has begun working with relevant agencies to determine how the attacker obtained access and whether additional steps are required to secure the system.
The exposed information includes names, genders, nationalities, postal addresses, email addresses, phone numbers, and the licence identification numbers assigned to registered members. In some cases, dates of birth and places of birth were also included. The federation has not yet confirmed the number of individuals affected, but the administrative software involved in the breach is used across all licensed clubs in France, which suggests that the data set may be extensive.
The federation has advised members to be cautious about unexpected communication. It warned that attackers may use the stolen information to send fraudulent emails or messages that impersonate clubs or federation staff. These messages may attempt to obtain additional personal details or direct recipients to unsafe websites. The federation encouraged members to verify the source of any message before responding.
The breach adds to a series of recent incidents involving sports organisations and other membership-based groups in Europe. These incidents show that systems containing personal information must be protected by strong access controls, regular audits, and updated security measures. Organisations that rely on shared administrative platforms face heightened risk when sensitive information is stored in a single environment.
The federation said that it will release further information as the investigation progresses. It has stated that it aims to strengthen security measures within the administrative system and to ensure that user data is protected against future incidents.