Italian professional football club Bologna FC reportedly fell victim to a ransomware attack orchestrated by the cybercrime group RansomHub. The revelation comes from RansomHub's dark web postings, which allege the theft and leaked publication of sensitive club data and an announcement on the club’s website.
The gang published an extensive trove of documents allegedly siphoned from Bologna's systems. Among the purported data is what appears to be the employment contract of head coach Vincenzo Italiano.
The document includes details of his €4.575 million annual salary over the next two seasons, alongside a potential €455,000 bonus for winning the Italian Serie A league. While salary details in football contracts are typically speculative and confidential, the reported contract duration aligns with earlier public disclosures.
Other sensitive information exposed in the alleged breach includes Italiano’s tax identification code and bank account number. The data haul reportedly extends beyond the manager, touching on former assistant manager Emilio De Leo with a passport scan included in leaked samples.Â
The directory tree presented by RansomHub suggests the stolen trove could encompass passports, contracts, and personal data of Bologna FC first-team players dating back to 2017.
Further images posted on the gang’s data leak site (DLS) appear to detail club financials, revenue streams tied to sponsorships, and transactions involving other professional clubs. RansomHub has also claimed possession of stolen medical records, youth player data, and confidential business strategies.
On their DLS, RansomHub alleged vulnerabilities in Bologna FC’s network security as the entry point for the attack. "Bologna FC was hacked due to lack of security on their network. All confidential data has been stolen," the gang claimed.
Bologna FC confirmed the ransomware attack in a public statement issued last Friday. The club disclosed that the attackers had targeted both a cloud server and internal perimeter systems, resulting in corporate data theft. Â
November reports said RansomHub surpassed LockBit as the leading Ransomware as a Service model.
Meanwhile, the suspected Phobos Ransomware administrator was extradited to face several cybercrime charges, including wire fraud conspiracy, computer fraud, and extortion.