The Royal Spanish Football Federation (RFEF) disclosed on Thursday that it will report the incident to the National Police. Investigators are looking into a computer breach that reportedly compromised information from email accounts as well as private text and voice conversations of senior administrators, including the federation’s top leadership. The federation stated that the intrusions could have exposed sensitive communications and internal records, and that the stolen material may have been disseminated to various media outlets with likely criminal intent.
According to the RFEF, all signs point to unauthorized extraction of data from private terminals used by the president and the secretary general. It is suspected that the compromised material could have been obtained illegally and released to different media outlets, potentially to influence public perception or drive a narrative. The federation indicated that the disclosure follows reports from an unidentified informant who reportedly suggested to a journalist that a new tranche of illegally obtained material would be released. An encrypted voice file and other data allegedly surfaced through a mobile application, and were subsequently shared with media contacts.
The federation added that, through third-party intermediaries, the media organization cited in the reports allegedly quoted secret contracts, private WhatsApp conversations, emails, and extensive documentation from RFEF management areas. If verified, these disclosures could amount to breaches of confidentiality and violations of the fundamental rights of those affected, raising serious legal and ethical concerns about data protection and journalistic responsibility.
RFEF affirmed that the facts have been reported to the security and integrity department and that the federation will continue to condemn what it calls criminal and mob-like activity. It stressed that alleged “attempted computer attacks” targeting federations and their administrators have been a recurring issue, and that these actions were reportedly detected and reported to the police as phishing and other familiar intrusion techniques emerged over recent months.
As explained by the federation, the incident necessitated engaging a specialized cyber-security firm to conduct a secure operation aimed at preserving evidence and raising the level of protection against future attempts. The process, executed with coordination from the RFEF’s security and integrity unit, involved safeguarding compromised material and implementing additional safeguards to mitigate risk in ongoing digital communications and document handling. This step sought to ensure that any potential leakage would be contained and that ongoing governance processes remained protected.
In the federation’s account, three executives, including the president and the secretary general, provided support during the response. The report indicates that the attackers aimed to orchestrate the public disclosure of confidential documents with likely deceptive intent, a move that could amount to organized crime activity if proven in court. The RFEF reiterated its commitment to transparency in its ongoing operations and to cooperating with law enforcement authorities to pursue accountability for those responsible and to protect the integrity of federation decisions and communications [Attribution: RFEF statement].