Cyber Incident Victim: Federation Internationale de Football Association
Date:
Oct 2018
Location:
Switzerland
Summary
FIFA experienced a second cyberattack compromising internal systems, with stolen documents obtained by Football Leaks and shared with media outlets for imminent publication. The breach followed a separate phishing operation targeting UEFA officials, though no intrusion was confirmed. Previous leaks from the group exposed sensitive information, including failed drug tests and confidential agreements like Cristiano Ronaldo's nondisclosure arrangement, leading to regulatory reforms, criminal tax evasion prosecutions, and scrutiny of transfer market practices. The organization condemned the unlawful data breaches while its president emphasized transparency in operations. The incident highlighted broader cybersecurity threats in global sports, including state-sponsored attacks linked to Russian intelligence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In March 2018, FIFA experienced its second major cyberattack in two years, following a 2017 breach attributed to Russian state-sponsored actors. The organization confirmed the intrusion after detecting unauthorized access to its systems, though specifics about compromised data remained unclear at the time of disclosure. Concurrently, UEFA officials reported targeted phishing attempts designed to harvest login credentials, though forensic investigations found no conclusive evidence of successful system penetration. Both organizations received hundreds of inquiries from media outlets regarding confidential documents in late 2018, signaling potential data exposure. A consortium of European media outlets coordinated by European Investigative Collaborations (E.I.C.) planned to publish stories derived from these documents, which originated with the Football Leaks group. This marked a continuation of Football Leaks' activities dating to 2015, when the group first began releasing sensitive soccer industry documents through Der Spiegel and partner outlets.
The incident's impacts extended beyond operational disruptions to tangible regulatory and legal consequences. Previous Football Leaks disclosures had exposed systemic misconduct, including tax evasion schemes involving high-profile players and clubs, leading to criminal convictions in Spain. FIFA implemented reforms to its $6 billion transfer market system in response to earlier revelations about transfer fee manipulation. The 2018 breach specifically prompted concerns about forthcoming media exposés, with FIFA Council members discussing potential reputational damage during meetings in Kigali, Rwanda. Organization president Gianni Infantino publicly defended his communications practices while FIFA issued a statement condemning unlawful data access but did not detail technical remediation measures. Broader context included U.S. Department of Justice charges against seven Russian GRU officers for hacking FIFA and IOC systems in 2017, though authorities did not link this group to the 2018 incident. Parallel leaks involving Benfica's internal emails further demonstrated persistent cybersecurity vulnerabilities across global soccer institutions during this period.