French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club’s systems earlier this month.
Founded 126 years ago, Olympique Marseille competes in the Ligue 1, the top tier of the French football league system, and was the first French club to win the UEFA Champions League in 1993.
On Tuesday, Olympique Marseille issued a statement confirming that it had been hit by a cyberattack, following claims by a threat actor that they had breached some of its servers.
The threat actor has also leaked a sample of the allegedly stolen information on a hacking forum, claiming to have stolen a database containing Olympique Marseille staff and supporter information.
“Olympique de Marseille has announced that it was recently the target of an attempted cyberattack, in a national and international context marked by a resurgence of attacks targeting large organizations,” the football club said.
“Thanks to the immediate mobilization of our technical teams and specialized service providers, the situation was quickly brought under control. To date, all our activities are continuing as normal and in complete security, and we are continuing our investigations into the scope of the incident. The club would like to reassure its supporters that no banking details or passwords have been compromised.”
While Olympique Marseille didn’t provide further details about the incident, the threat actor says the stolen database contains information on 400,000 individuals, including their names, addresses, order information, email addresses, and mobile phone numbers.
They added that the allegedly stolen data also includes information on more than 2,050 Drupal CMS accounts, including 34 OM staff and 1,770 contributors and moderators.
“Today I am selling Olympique de Marseille (OM) dump from feb 2026, iconic french football club in Ligue 1, online boutique for merch, fan memberships, massive supporter base in france and worldwide,” the threat actor said.
Although Olympique Marseille has yet to confirm a data breach, it reported the incident to the French data protection authority (CNIL), filed a complaint, and advised fans to “remain vigilant against phishing attempts, and report any suspicious activity.”
An Olympique Marseille spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
In November, the French Football Federation (FFF) also disclosed a data breach after attackers gained access to administrative management software used by football clubs using a compromised account.
The future of IT infrastructure is here
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
Related Articles:
CarGurus data breach exposes information of 12.4 million accounts
Data breach at fintech firm Figure affects nearly 1 million accounts
Eurail says stolen traveler data now up for sale on dark web
Spain’s Ministry of Science shuts down systems after breach claims
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match