Juventus reports third-party breach that compromised official club footage

Italian Serie A football team Juventus said a third-party photography services provider experienced a data breach that compromised footage from the club’s official events, including those of minors.

 

The football club, owned by the Agnelli family since 1923 and which competes in Serie A, Italy’s premier professional football league, announced the data breach last week, stating that the security incident did not involve any of its internal IT systems or devices.

 

The club said the security incident occurred after hackers compromised the systems or devices of a third-party sub-vendor which was under a contract to take photographs of the club’s sporting events and other gatherings. 

 

The hackers accessed and exfiltrated footage from club events dating between July 2023 and December 2025. The stolen photographs contained the images of a large number of people, including minors.

 

"Given the nature of the events concerned and the high number of participants, including minors, Juventus Football Club S.p.A. considered it appropriate to issue this communication in the interest of maximum transparency and care towards all individuals potentially involved," the club said.
 
Juventus added that as soon as it learned about the cyber incident, it performed appropriate checks, notified the incident to the Italian Data Protection Authority, and advised the affected vendor to disconnect its devices from the Internet and change the passwords of all connected devices and applications.

 

It is unclear whether the photography agency contracted by Juventus covered other football or sporting events or whether the data breach affected other Italian business or individuals as well.

 

Juventus said there is no evidence to suggest that malicious actors made unlawful use of the stolen images, but there is a strong possibility of them leaking certain images to the public and the club has requested affected individuals to report any instances of their images posted online. 

 

The football club previously suffered an embarrassing cyber incident in October 2024 when malicious actors hijacked its English language X account and used the platform to announce the signing of Turkish footballer Arda Güler from Real Madrid.

 

"Welcome to Juventus, Arda Güler! The rising star of football is now part of the #Juventus family. Ready to make history together on this new journey," the hackers tweeted from the club’s official X account. Juventus quickly said on its Italian language X account that the English language account had been hijacked and that news of Güler joining the club was fake.

 

In 2022, a hacker also put up for sale on the dark web underground forum BreachForums the email accounts and passwords of 164 employees of Juventus football club, as well as the credentials of five people with administrator privileges. The hacker claimed that these user accounts could provide anyone access to the club database. The veracity of the hacker’s claims could not be confirmed.