Dutch football association, professional leagues hit in cyberattack
The Dutch football association, KNVB, was targeted in a cyberattack on Saturday morning that allowed an outside party to steal data. The incident also affected the organizations that separately manage the two professional football leagues in the Netherlands, the Eredivisie and the Keuken Kampioen Divisie, more commonly known as the Eerste Divisie. The association said that business operations and football were not disrupted and that e-mail systems, for example, have remained unaffected.
The breach involved the IT network at the KNVB Campus in Zeist, where the Dutch football association is headquartered. The KNVB said that cybercriminals illegally obtained the personal data of KNVB employees. About five hundred people work at the Dutch football association.
“More and more organizations are being confronted with cybercrime. Despite our security system, the KNVB has now also become a victim of this. We are especially sorry that our employees may have to deal with this. Unfortunately, we do not have better news at the moment. We are doing everything we can to limit the problems,” the KNVB management said in a short statement on Tuesday morning.
According to a spokesman for the football association, the Eredivisie CV (ECV) and the Coöperatie Eerste Divisie (CED) also use the same data servers as the KNVB. Both organizations are also located at the KNVB complex in Zeist.
The data breach was reported to the Dutch Data Protection Authority and all possible victims were contacted by the KNVB. In addition, the football assocaition has started a digital forensic investigation with a specialized agency to further analyze what happened and the consequences of the incident.
Last week, many large institutions were affected by a data breach, including NS, Vrienden van Amstel Live, VodafoneZiggo and multiple social housing corporations. The market research firms they hired used software from the company Nebu, which is headquartered in Wormerveer and owned by a Canadian parent company.
When asked, the KNVB would not say whether the attack on the football association also relates to Nebu’s software, or if the company uses Nebu as a supplier. The KNVB would only say that the investigation is ongoing, and added that it will provide updates on its website as soon as there is more clarity.
Reporting by ANP