Bologna, one of Italy’s historic Serie A clubs, is facing a severe cybersecurity crisis. On November 19, the hacker group RansomHub successfully breached the club’s server protection systems, stealing documents, contracts, sensitive data, and a vast amount of other material. The hackers are now demanding a substantial ransom from the club, which has confirmed the breach to authorities.
Calciomercato report how the cybercriminals have accessed over 200 gigabytes of data from the club’s servers, including business plans, sponsorship contracts, financial records, personal and confidential information of players, fans, and employees, market strategies (including transfer plans and details on young talents from other teams), and all medical data from the club’s headquarters in Casteldebole.
The hackers are threatening to publish all the stolen material, which would violate the General Data Protection Regulation (GDPR). Such a breach could result in a fine from the Data Protection Authority of up to 10 million euros or 2% of the club’s turnover.
To prove the seriousness of their threat, the hackers have already published some sensitive information. This includes a scanned image of Vincenzo Italiano’s passport, details of his two-year contract signed last summer (revealing all agreed compensations), and even his bank account details.
The hacker group has issued an ultimatum to the club, stating: “The club’s management has refused to protect the confidential data of players and sponsors. Therefore, in 2 days, we will publish all medical, personal, and confidential data of the club’s players. But we remind them that they can obtain much more money through legal actions than by playing for a club that has betrayed them.”
Bologna have responded by emphasizing that they have a Data Protection Officer (DPO) responsible for observing, evaluating, and organizing the management of personal data processing. The club has immediately filed a complaint with the postal police and informed the Data Protection Authority of the situation. The Rossoblu are already taking steps to defend themselves in appropriate venues and will take legal action against anyone who disseminates this stolen data.
