Prominent Mexican soccer team Club de Fútbol Pachuca and its associated academic institution, Universidad del Futbol y Ciencias del Deporte (University of Football and Sports Sciences), have allegedly become the victims of a major data breach. An unknown threat actor has claimed on a popular hacking forum to have successfully infiltrated the organizations’ servers, exfiltrating a substantial 50 GB of sensitive data. Club Pachuca is one of the oldest and most successful teams in Mexico’s top football league, Liga MX, making this a high-profile incident with potentially widespread consequences for players, staff, and students.
The perpetrator posted evidence of the intrusion, which disturbingly points to a server running Microsoft Windows Server 2003, an obsolete and unsupported operating system that has not received security updates in many years. This critical vulnerability likely served as the entry point for the attack. The breach’s origin from a server with such outdated software highlights the severe risks associated with legacy systems in handling sensitive information. The actor claims the stolen database contains a wealth of personal and critical information, putting individuals connected to both the club and the university at significant risk of fraud and identity theft.
The compromised data allegedly includes a wide range of sensitive information. The threat actor listed the following categories of leaked data:
- Telephone numbers
- Full database and systems access
- Players’ addresses
- Electronic emails
- Passwords