ASVEL basketball team confirms data breach after ransomware attack

French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.

ASVEL is a French professional basketball team in Villeurbanne, Lyon, headed by former NBA star Tony Parker. The club is considered the most successful one in the country, having won 21 national championships and 10 cups.

ASVEL's says that they were alerted to a potential breach on October 12 via the press, following their addition to NoEscape ransomware's extortion portal on October 9, 2023.

"Alerted on October 12 through the press and having immediately contacted companies specializing in the field of cybersecurity, LDLC ASVEL is unfortunately today able to confirm that it has indeed been the victim of a violation of its computer system, with data exfiltration," reads a press statement from ASVEL.

The threat actors claimed to have stolen 32 GB of data, including the personal data of players, passports and ID cards, and many documents relating to finance, taxation, and legal matters. NDAs, contracts, confidential letters. Contractual agreements with players are also allegedly included in the stolen data set.

The NoEscape ransomware gang is using this stolen data as leverage, threatening to publish it by October 20, 2023, unless ASVEL contacts them to negotiate a ransom payment.

ASVEL says they retained cybersecurity specialists who, on October 18, 2023, confirmed that the attackers breached the club's systems and stole data.

Although the breach did not impact the club's operations, it is assessing the harm to third parties with data exposed in this incident.

One concern is the payment details of those who bought tickets, merchandise, and club membership cards from the official website. As of today, ASVEL says it has no evidence that the attackers have stolen its fans' payment data or bank account details.

The incident has been reported to CNIL (Commission Nationale de l'Informatique et des Libertés), France's national data protection authority, and a formal complaint is soon to be submitted to law enforcement authorities.

It is worth noting that ASVEL has been removed from NoEscape's darknet portal, and the link to the original entry now returns a 404 error. Also, no data has been leaked.

This could indicate that the club is negotiating with the ransomware gang to prevent the leak of data.

NoEscape is a relatively new ransomware group launched in June 2023, targeting non-CIS (ex-Soviet Union) organizations with double-extortion attacks and demanding ransom payments ranging from a few thousand USD to over $10 million.

Believed to be a rebrand of Avaddon, which went defunct in 2021, NoEscape is capable of targeting Windows, Linux, and VMware ESXi servers.