French skilled basketball group LDLC ASVEL (ASVEL) has confirmed that information was stolen after the NoEscape ransomware gang claimed to have attacked the membership.
ASVEL is a French skilled basketball group in Villeurbanne, Lyon, headed by former NBA star Tony Parker. The membership is taken into account probably the most profitable one within the nation, having received 21 nationwide championships and 10 cups.
ASVEL’s says that they have been alerted to a possible breach on October 12 by way of the press, following their addition to NoEscape ransomware’s extortion portal on October 9, 2023.
“Alerted on October 12 by means of the press and having instantly contacted firms specializing within the subject of cybersecurity, LDLC ASVEL is sadly at present capable of affirm that it has certainly been the sufferer of a violation of its pc system, with information exfiltration,” reads a press assertion from ASVEL.
The menace actors claimed to have stolen 32 GB of knowledge, together with the non-public information of gamers, passports and ID playing cards, and lots of paperwork regarding finance, taxation, and authorized issues. NDAs, contracts, confidential letters. Contractual agreements with gamers are additionally allegedly included within the stolen information set.
The NoEscape ransomware gang is utilizing this stolen information as leverage, threatening to publish it by October 20, 2023, until ASVEL contacts them to barter a ransom fee.
ASVEL says they retained cybersecurity specialists who, on October 18, 2023, confirmed that the attackers breached the membership’s techniques and stole information.
Though the breach didn’t impression the membership’s operations, it’s assessing the hurt to 3rd events with information uncovered on this incident.
One concern is the fee particulars of those that purchased tickets, merchandise, and membership membership playing cards from the official web site. As of at present, ASVEL says it has no proof that the attackers have stolen its followers’ fee information or checking account particulars.
The incident has been reported to CNIL (Fee Nationale de l’Informatique et des Libertés), France’s nationwide information safety authority, and a proper criticism is quickly to be submitted to regulation enforcement authorities.
It’s value noting that ASVEL has been faraway from NoEscape’s darknet portal, and the hyperlink to the unique entry now returns a 404 error. Additionally, no information has been leaked.
This might point out that the membership is negotiating with the ransomware gang to stop the leak of knowledge.
NoEscape is a comparatively new ransomware group launched in June 2023, focusing on non-CIS (ex-Soviet Union) organizations with double-extortion assaults and demanding ransom funds starting from a couple of thousand USD to over $10 million.
Believed to be a rebrand of Avaddon, which went defunct in 2021, NoEscape is able to focusing on Home windows, Linux, and VMware ESXi servers.