Bologna FC has confirmed it suffered a ransomware attack after the RansomHub extortion group leaked its stolen data online. The Italian football team warns not to download or disseminate the stolen data, claiming it is a “serious criminal offense.”
“Bologna FC 1909 S.p.a. would like to communicate that a ransomware cyberattack recently targeted its internal security systems,” a spokesperson for the club said. The crime resulted in the theft of company data that may appear online.
Please be warned that it is a serious criminal offense to possess such data or facilitate its publication or diffusion.
The attack was claimed by the RansomHub ransomware gang, currently a prolific, high-profile threat group. On November 19, 2024, the group announced, “The club’s management refused to protect the confidential data of players and sponsors. Therefore, in 2 days, we will publish all medical, personal, and confidential data of all club players.”
The threat actors extended Bologna to pay a ransom to prevent the publication deadline.
However, they have now published the complete stolen dataset on the dark web. The ransomware gang claims that the leaked data includes:
– Sponsorship contracts and sponsor details
– Complete financial data of the club’s history
– Personal and confidential player data
– Transfer strategies for new and young players
– Confidential data of fans and employees
– Data on young athletes
– Medical records
– Information on structures and stadiums
– Commercial strategies and business plans
Previously, the threat actors attempted to blackmail the Italian football team by listing examples of how leaked documents caused other teams to pay huge fines over various violations and used GDPR as leverage. Ransomware attacks against sports teams aren’t common, though some organizations, especially those at the highest level, manage large sums of money.
Previous examples include a NoEscape ransomware attack against a French basketball team and a BlackCyte ransomware attack targeting another sports organization.
Bologna FC’s data breach impact
Among the samples of allegedly stolen data is a document purporting to be manager Vincenzo Italiano’s employment contract. It includes details such as his €4.575 million annual remuneration for this season and the next, plus a potential €455,000 bonus for winning the Italian Serie A league.
Details of professional football contracts are often kept secret, but are widely speculated regardless. Italiano joined Bologna in June on a two-year contract. While the details of his salary are speculated between €500,000 and €2.5 million per year depending on where you look, the length of the contract allegedly leaked is consistent with public reporting.
Other documents the criminals claim to be genuine are Italiano’s tax ID code and bank account number. Additionally, former assistant manager Emilio De Leo’s alleged passport scan is included in the sample, and the directory tree of stolen files suggests RansomHub also has passports, contracts, and personal data for the club’s first-team players dating back to at least 2017. Spreadsheets plastered across the criminals’ data leak site (DLS) appear to show club financial breakdowns, including annual revenue from sponsorships and money owed to other professional clubs.
“Bologna FC was hacked due to a lack of security on their network. All confidential data has been stolen,” RansomHub stated on its DLS. Consistent with ransomware gangs’ usual operating methods, Bologna was given a three-day window to meet undisclosed demands.
RansomHub’s countdown timer indicates that all the club’s data will be placed on its DLS at noon (UTC) on November 29 unless their ransom demands – whatever they may be – are met.
