Cyber Incident Victim: Fédération Française de Roller et Skateboard
Date:
Jan 2025
Location:
France
Summary
The Fédération Française de Roller et Skateboard suffered a cyberattack compromising personal data including names, email and postal addresses, birth details, and phone numbers of 570,000 licensed members through its Rolskanet management tool. While no passwords were exposed, the breach prompted notifications to national data protection and cybersecurity authorities, along with a criminal complaint. The organization advised heightened vigilance against potential phishing attempts via email, SMS, or calls, emphasizing that immediate security measures were implemented to terminate the attack and reinforce system protections.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In January 2025, the Fédération Française de Roller et Skateboard (FFRS) suffered a significant cybersecurity breach targeting its Rolskanet management platform. The attack compromised approximately 570,000 user accounts, exposing personal data including full names, email and physical addresses, telephone numbers, dates and places of birth of licensed members. The federation confirmed no password information was accessed during the intrusion. FFRS's service provider implemented immediate containment measures to terminate the attack and strengthen information system protections, though the specific technical vector of compromise remained undisclosed. The incident prompted internal alerts to affiliated clubs across France, including the AM Sport Roller Club in Dijon, which disseminated warnings through local channels. Initial breach notifications were issued to members during January, followed by a secondary communication on February 11 emphasizing that no new attack had occurred but reinforcing security advisories.
The data exposure created substantial phishing risks, with the federation urging vigilance against fraudulent emails, SMS messages, and phone calls impersonating legitimate entities. FFRS formally notified both the Commission Nationale de l'Informatique et des Libertés (CNIL) and the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) about the breach, while simultaneously filing a criminal complaint that could lead to penalties of up to five years imprisonment and €150,000 fines for perpetrators. Despite assurances that protective measures had been implemented, the organization directed affected individuals to official digital victim support services for incident reporting and legal recourse. The attack's scope impacted nationwide membership operations but did not disrupt core federation activities, with no evidence suggesting ongoing unauthorized access following containment. Clubs maintained regular operations while adhering to heightened security protocols disseminated through federal channels.