Olympique de Marseille confirms attempted cyberattack following data leak claim

French professional football club Olympique de Marseille confirmed Tuesday that it was recently targeted in an attempted cyberattack after a threat actor claimed to have breached the club’s systems and leaked a sample of stolen data online.

The club, founded 126 years ago and competing in Ligue 1, the top tier of the French football league system, acknowledged the incident in a public statement. Olympique de Marseille, which became the first French club to win the UEFA Champions League in 1993, said its technical teams and specialized service providers quickly contained the situation.

“Olympique de Marseille has announced that it was recently the target of an attempted cyberattack, in a national and international context marked by a resurgence of attacks targeting large organizations,” the club said. “Thanks to the immediate mobilization of our technical teams and specialized service providers, the situation was quickly brought under control. To date, all our activities are continuing as normal and in complete security, and we are continuing our investigations into the scope of the incident. The club would like to reassure its supporters that no banking details or passwords have been compromised.”

The statement followed claims made Monday by a threat actor who said they had accessed some of the club’s servers earlier this month. The individual posted a sample of allegedly stolen data on a hacking forum and asserted that the database contained information on 400,000 individuals.

The data allegedly includes names, addresses, order information, email addresses and mobile phone numbers of staff members and supporters. The threat actor also claimed the database contained details related to more than 2,050 Drupal content management system accounts, including 34 staff accounts and 1,770 contributor and moderator accounts.

In a post offering the data for sale, the threat actor described the material as a February 2026 database dump tied to the club’s online merchandise store and fan membership operations.

Olympique de Marseille has not confirmed that a data breach occurred. The club said it reported the incident to France’s data protection authority, the Commission nationale de l’informatique et des libertés, filed a complaint and urged supporters to remain vigilant against phishing attempts and to report any suspicious activity.