Cyberattack against Bologna Fc. The rossoblù team owned by the Italian-Canadian Saputo family ended up the target of hackers, who allegedly stole around 200 GB of sensitive data from the company’s databases, including contracts and personal information of players and employees, players’ health records, as well as financial data and sponsorship agreements. The company itself reported the theft, after being claimed and blackmailed by the criminal group RansomHub.
The hacker attack
The cyber attack would have been carried out on November 19th and, as communicated by Bologna, would have circumvented the security of the company’s headquarters in Casteldebole, on a cloud server and in the internal perimeter, via ransomware.
This is a method routinely used by the group of cybercriminals responsible for the action, which, as reported by Republicblackmails companies all over the world on an almost daily basis, threatening the publication of data sensitive stolen.
Blackmail
The hackers claimed responsibility for the action on the dark web, claiming to have come into possession of around 200 GB of data, which would include personal information of the members, including salaries and medical profiles of the players, but also sensitive data on employees, fans and clubs, with market strategies and information on financial data and private accounts.
As has happened in other cases of IT theft, the group of cybercriminals accused Bologna of not having used adequate security measures, violating the European regulation for data protection.
Reason why the hackers blackmailed the club, threatening to disclose all the medical and personal data of the players and, to demonstrate that they were serious, by publishing the scan of the coach’s contract Vincenzo Italianocomplete with salary and Iban, as well as his passport.
Bologna’s press release
The threat was confirmed in a statement by the company itself, which however declared that it had no intention of paying no ransom and that they are probably obsolete files.
In the note, Bologna warned that “this criminal action led to the theft of company data which could be published. Yes beware therefore anyone who comes into possession of it from disseminating or sharing or making any other use of such data as it comes from a crime”.
The attack was reported to the postal police within the time required by law and was informed Privacy guarantor.
Photo source: ANSA
Source: notizie.virgilio.it
