Italian professional football club Bologna FC is allegedly a recent victim of the RansomHub cybercrime gang, according to the group’s dark web postings.
The ransomware crims responsible for attacks on organizations including Planned Parenthood and Christie’s – the same crew thought to have picked up LockBit’s top talent post-disruption – posted an extensive collection of data it claims came from Bologna’s systems.
Among the samples of allegedly stolen data is a document that purports to be manager Vincenzo Italiano’s employment contract, which includes details such as his €4.575 million annual remuneration for this season and the next, plus a potential €455,000 bonus for winning the Italian Serie A league.
Details of professional football contracts are often kept secret, but are widely speculated regardless. However, the length of the contracts is usually disclosed to the public. Italiano joined Bologna in June on a two-year contract, and while the details of his salary are speculated between €500,000 and €2.5 million per year depending on where you look, the length of the contract allegedly leaked is consistent with public reporting.
Scattered around other documents the criminals claim to be genuine are Italiano’s tax ID code and bank account number.
Elsewhere, former assistant manager Emilio De Leo’s alleged passport scan is included in the sample, and the directory tree of stolen files suggests RansomHub also has the passports, contracts, and personal data for the club’s first-team players dating back to at least 2017.
Additionally, spreadsheets are plastered across the crooks’ data leak site (DLS) appearing to show breakdowns of club financials, including the annual revenue taken from various sponsorships and the expected and owed money to other professional clubs in the league.
“Bologna FC was hacked due to lack of security on their network. All confidential data has been stolen,” RansomHub said on its DLS. “Bologna FC does not have any data protection on its network which is why absolutely all their data was stolen.”
RansomHub claimed to have stolen medical data too, as well as information on young players, commercial strategies, and business plans.
As ever with these things, the claims made by criminals should always be viewed with skepticism. They benefit from stoking negative publicity around the victim, regardless of how true their claims may be, and given that they’re already serious criminals, likely don’t have much consideration for libel law.
The Register contacted the club on Wednesday to verify the veracity of RansomHub’s claims, but after more than 24 hours and multiple follow-ups, the club had not responded.
- Scattered Spider, BlackCat claw their way back from criminal underground
- RansomHub genius tries to put the squeeze on Delaware Libraries
- Deja blues… LockBit boasts once again of ransoming IRS-authorized eFile.com
- Rhysida ransomware gang ships off Port of Seattle data for $6M
Emails to Bologna’s publicly available legal team address bounced back, and neither the Serie A league nor Italy’s national cybersecurity agency (NCC-IT) immediately responded.
However, a statement from the club on Friday