In an official statement from Olympique de Marseille, the club said it was the target of a cyberattack earlier this month, that a threat actor posted a sample claiming a database of about 400,000 individuals, and that the club has reported the incident to the CNIL, filed a complaint, and advised fans to remain vigilant.
KEY FACTS
- Incident Attempted cyberattack affecting club servers earlier this month
- Alleged data Sample claims a database of about 400,000 people with names, addresses, order details, emails and mobile numbers
- Accounts Sample includes more than 2,050 Drupal CMS accounts with 34 staff and 1,770 contributors and moderators
- Response Immediate mobilisation of technical teams, regulatory notification to the CNIL, and a filed complaint
A sample was posted on a hacking forum that contains an alleged dump of staff and supporter information. The sample includes personal contact details and order information for a large number of individuals.
The sample contains information on about 400,000 individuals, including names, postal addresses, order information, email addresses, and mobile phone numbers. It also contains more than 2,050 Drupal CMS accounts, listing 34 staff members and 1,770 contributors and moderators.
Included in the statement were actions such as notification to the CNIL, a formal complaint, and advice for supporters to remain vigilant against phishing and to report suspicious activity. The club said technical teams and specialised providers quickly contained the situation and that operations are continuing.
The scope of the incident remains under investigation and no independent verification of the alleged leaked contents was available at publication.
WHY IT MATTERS
If accurate the alleged leak could increase the risk of targeted phishing and unwanted contact for supporters. Notification to the CNIL and a filed complaint initiate regulatory and investigative processes.