French Ligue 1 club Olympique de Marseille has officially confirmed it was the target of a cyberattack earlier this month, after a threat actor claimed to have breached the club’s systems and leaked supporter and staff data online.

In a statement released by the club, Olympique de Marseille acknowledged the incident, saying the attack occurred in a broader context of rising cyber threats against major organizations. The club’s technical teams and external security specialists responded quickly, bringing the situation under control and restoring normal operations.

The statement stressed that no banking details or passwords have been compromised and assured fans and members that all club services are running securely. OM also reported the incident to the French data protection authority, Commission Nationale de l’Informatique et des Libertés (CNIL), and filed an official complaint with relevant authorities.

The threat actor behind the attack reportedly posted on a hacking forum that a database of roughly 400,000 individuals — including names, addresses, emails, and phone numbers — was stolen and offered for sale. Security researchers noted that leaked data might also include records related to website contributors and staff accounts. However, the club has not independently confirmed the full extent of the theft.

Olympique de Marseille has urged supporters to remain vigilant against phishing and other online threats in the weeks ahead, highlighting the importance of strong passwords and careful online behaviour.

This incident follows other recent breaches in French football administration, including a data breach at the French Football Federation (FFF) last November that exposed member information and prompted widespread security scrutiny across the sporting sector.

What’s next?
Club officials say investigations continue as cybersecurity teams work to determine the scope of the attack and bolster defences to prevent future incidents.