The French Basketball Federation indicates that it has suffered a major leak of personal data, potentially affecting 2 million licensees and 900,000 of their legal representatives.
On the evening of Friday April 17, 2026, a hacker attacked the French Basketball Federation. The cybercriminal gained fraudulent access to a user account, which allowed him to exploit the organization’s federal licensee management tool. He was thus able to massively extract data from licensees.
The stolen information includes identity data (last name, first name, date of birth), full contact details (postal address, email, telephone), as well as license and club membership information. The federation specifies that no banking data, no password and no health data have not been compromised. Up to 2 million licensees, as well as approximately “900,000 additional data concerning legal representatives of licensees”are concerned.
Also read: Olympique de Marseille was hacked – the data of 400,000 supporters was compromised
Data distributed on the dark web
Part of the stolen information was published on dark web black marketsbefore being deleted. The federation warns that malicious actors may have downloaded or retained the files before their removal. Concretely, this means that sensitive data may still be circulating in the hands of cybercriminals, opening the door to all kinds of abuse. The risks of phishing are particularly highlighted.
A pirate behind bars
“The cybercriminal behind this act has been arrested”specifies the press release. It is probably “HexDex”, a 22-year-old pirate, arrested in Vendée a few days earlier. The hacker specialized in stealing data from sports federations. Among the victims of the pirate, we find the French Federations of sailing, athletics, motorsport, gymnastics, skiing, rugby league, aikido, university sport, mountain and climbing and even disabled sports. Sites of food banks, Logis Hôtels France, Brit Hotel, the Philharmonie de Paris, as well as the Moselle prefecture are among the hacker’s victims.
Unsurprisingly, the French basketball federation notified the National Commission for Informatics and Liberties (CNIL), in accordance with the GDPR and French law.
👉🏻 Follow tech news in real time: add 01net to your sources on Google, and subscribe to our WhatsApp channel.
