KNVB Acknowledges Paying LockBit Ransom to Prevent Stolen Data Publication

Estimated read time 2 min read

The Royal Dutch Football Association (KNVB) has disclosed that it paid a ransom to the perpetrators behind the LockBit ransomware attack to prevent the publication of data stolen during a breach earlier this year.

In an official statement posted on its website, the KNVB revealed that it paid an undisclosed ransom sum to cybercriminals to prevent the release of data stolen during a security breach. The incident occurred on April 4th when criminals successfully infiltrated the football association’s network, compromising the personal information of its employees.

The criminals claimed to have obtained data and threatened to make it public unless a ransom was paid. Expert analysis could not definitively determine which data had been accessed, leaving the KNVB in a challenging position without an appealing alternative.

The football association noted that the potentially exposed files contained personal information that could impact individuals’ privacy. “Preventing such data exposure ultimately outweighed the principle of not succumbing to extortion. Therefore, under expert guidance, agreements were made to ensure the non-publication and removal of data,” the KNVB added.

The compromised data includes identity documents and signatures of internationally transferred players between 2015 and 2021, as well as name, address, salary details, and signatures of players who played in the Netherlands between 2016 and 2018. Additionally, it involves the name, contact information, and medical records of individuals associated with the KNVB Sport Medical Center in a broad context. There may also be data stolen from individuals involved in disciplinary proceedings between 1999 and 2020.

The KNVB expressed its belief that the stolen data will not be published, citing the advice of external experts who have guided them through this incident. However, the football association will not solely rely on the assurances of criminals. They plan to inform potentially affected individuals, enabling them to remain vigilant for any signs of misuse of their data.

The method by which the criminals gained access to the KNVB’s systems has not been disclosed.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author