Football Australia is investigating a possible data leak which could include the player contracts and personal information of players and club members around the country.
An independent cybersecurity research publication reported that passports details were among information leaked online which could potentially affect every local customer or fan.
Cybernews suggested the 127 “buckets of data”,, including ticket buyers’ personal data and players’ contracts and documents, had been leaked. The report also said Football Australia fixed the issue “after the team informed the organization about it”.
On Thursday afternoon FA confirmed it was investigating.
“Football Australia is aware of reports of a possible data breach and is investigating the matter as a priority,” a statement said.
“Football Australia takes the security of all its stakeholders seriously. We will keep our stakeholders updated as we establish more details.”
The researchers said the leak, likely due to human error and not a cyberattack, could have left FA exposed for nearly two years.
“While we cannot confirm the total number of the affected individuals, as it would require downloading the entire dataset, contradicting our responsible disclosure policies, we estimate that every customer or fan of Australian football was affected,” the Cybernews researchers said.
“The exposed data, including contracts and documents of football players, poses a severe threat as attackers could exploit this information for identity theft, fraud, or even blackmail, emphasising the urgent need for improved security practices and measures to safeguard sensitive data.”
Tens of millions of Australians have been left exposed in recent security breaches including customers of Optus, HWL Ebsworth, Latitude Financial, Medibank, DP World and Dymocks.