Talk about an own goal - Bologna FC hit by ransomware hackers

(Image credit: Shutterstock / binarydesign)

Bologna FC has confirmed suffering a cyberattack
RansomHub assumes responsibility, says the club had virtually zero defenses
The group claims to have stolen financial, medical, and other data

Top Serie A football club Bologna FC has suffered a devastating ransomware attack in which crooks stole a lot of sensitive information.

The club confirmed the news in a short statement published on its website, noting, "Bologna Football Club 1909 Spa announces that its security systems have recently been the subject of a ransomware cyber attack, on a cloud server and in the internal perimeter."

“This criminal action has led to the theft of company data that could be subject to publication. Anyone who comes into possession of such data is therefore warned against disseminating or sharing or making any other use of such data as it comes from a crime,"

"Bologna doesn't have any data protection"

While the club didn’t share many details about the incident, the attackers were quite vocal.

According to The Register, the club was struck by RansomHub, an infamous ransomware player that emerged following the disappearance of ALPHV (BlackCat). The threat actor boasted about the attack on its data leak website, and shared a few screenshots to prove their claims.

"Bologna FC was hacked due to lack of security on their network. All confidential data has been stolen," RansomHub allegedly said on its website. "Bologna FC does not have any data protection on its network which is why absolutely all their data was stolen."

The stolen information includes passport scans, contracts, and personal data for the club’s first-team players since 2017, as well as the club’s financials, medical data, commercial strategies, and business plans. Furthermore, the hackers stole a document appearing to be the contract for the club’s manager, Vincenzo Italiano, as well as his tax ID code, and bank account number.

While all these claims should be taken with a grain of salt, if they turn out to be true, whoever ends up buying the data can use it for business email compromise attacks, phishing, identity theft, and possibly even wire fraud.

Almost 500GB of data allegedly leaked in RansomHub attack on Kawasaki
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.