{
	"id": "af864f5d-dbd0-4bd5-9abf-2c0b1df723bc",
	"created_at": "2026-04-06T00:08:07.282624Z",
	"updated_at": "2026-04-10T03:21:34.714113Z",
	"deleted_at": null,
	"sha1_hash": "929048e52a57870429654860e19996ea02ccfe54",
	"title": "Royal Dutch Football Association confirms it paid ransom for hacked employee data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 75310,
	"plain_text": "Royal Dutch Football Association confirms it paid ransom for\r\nhacked employee data\r\nBy Jonathan Greig\r\nPublished: 2023-09-12 · Archived: 2026-04-05 18:47:51 UTC\r\nThe governing body for soccer in the Netherlands said this week that it paid a ransom to hackers who breached its\r\nsystems earlier this year and stole the sensitive data of more than more than 1.2 million employees and members.\r\nThe Royal Dutch Football Association (KNVB) didn’t say how large the ransom was, but it confirmed that the\r\nprolific LockBit ransomware gang — which took credit for the incident — was indeed behind the attack.\r\nThe KNVB, based in Zeist, runs the country’s main professional leagues, the Dutch men's and women's national\r\nteams, the Dutch Cup and amateur leagues.\r\nIn April KNVB’s leadership had announced the incident, saying the organization’s business operations were not\r\naffected but the intruders had obtained personal data. Law enforcement agencies in the Netherlands and the Dutch\r\nData Protection Authority were notified.\r\nThat same month, LockBit claimed to have stolen 305 GB of data.\r\nKNVB revealed this week that those potentially affected include:\r\nThe parents or guardians of underage players who were transferred internationally between 2014-2019.\r\nPlayers who were transferred internationally between 2015-2021.\r\nPlayers who played for a professional football organization between 2016-2018.\r\nPeople who sent declarations to the KNVB based on their relationship with the KNVB (in the broadest\r\nsense) from 2010 to 2022.\r\nAnyone who had contact with the KNVB Sports Medical Center.\r\nAnyone who was involved in disciplinary matters (e.g. a sanction) from 1999-2020.\r\nFor most victims, their government ID and signature were stolen but many had names, addresses, salary details\r\nand bank account numbers accessed. Medical details and information in disciplinary files were also included in\r\nsome of the data accessed.\r\nKNVB said the gang threatened to publish the data unless the association paid a ransom. The idea of “preventing\r\nsuch a spread ultimately weighs more heavily” than buckling to extortion attempts, KNVB said. Based on the\r\nguidance they were given from cyber forensics firm Fox-IT, they decided to pay the undisclosed ransom.\r\nBut out of caution, they wanted to notify anyone affected that their data may have been accessed or exfiltrated\r\nfrom KNVB systems.\r\nhttps://therecord.media/dutch-football-association-paid-ransom-lockbit\r\nPage 1 of 3\n\nMany victims were contacted directly, and the KNVB put ads in local newspapers to notify the public about what\r\nhappened. But the organization urged victims to check back on the document for updates about the incident.\r\nIn an FAQ provided along with the statement, the organization made the controversial claim that it does not expect\r\nthe information accessed to be “misused or further distributed” based on what experts told them.\r\n“Their experience shows that such cybercriminals honor the agreements they have made,” the organization\r\nasserted. Cybersecurity experts say, however, that cybercriminals should not be trusted to honor their promises.\r\nTuesday’s statement warned victims to be wary of any calls purporting to be from their bank or other financial\r\ninstitutions.\r\nDespite reports of dissension within LockBit, alleged members continue to dominate the hacker landscape with\r\ndozens of attacks each month. The gang recently took credit for an attack on a 100-year-old municipal\r\norganization that manages electrical infrastructure in the city of Montreal\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/dutch-football-association-paid-ransom-lockbit\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/dutch-football-association-paid-ransom-lockbit\r\nhttps://therecord.media/dutch-football-association-paid-ransom-lockbit\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/dutch-football-association-paid-ransom-lockbit"
	],
	"report_names": [
		"dutch-football-association-paid-ransom-lockbit"
	],
	"threat_actors": [],
	"ts_created_at": 1775434087,
	"ts_updated_at": 1775791294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/929048e52a57870429654860e19996ea02ccfe54.pdf",
		"text": "https://archive.orkl.eu/929048e52a57870429654860e19996ea02ccfe54.txt",
		"img": "https://archive.orkl.eu/929048e52a57870429654860e19996ea02ccfe54.jpg"
	}
}