Ransomware victim disclosure
← All victimsSan Siro Stadium
listed as www.sansirostadium.com · Claimed by Apt73 · listed 2 years ago
Status timeline
- ListedNov 30, 2024
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Italy
- Sector
- Hospitality and Tourism
- Listed on leak site
- Nov 30, 2024
About the victim
AI dossier — public-source company profileSan Siro Stadium is a historic Italian football stadium located in Milan that operates as a major sports and entertainment venue. In addition to hosting matches and concerts, it runs a museum and tour operation, offers event spaces for corporate functions, and features retail and hospitality services.
- Industry
- Sports & Entertainment Venues
- Address
- Piazzale Angelo Moratti, 20151 Milano, Italy
Attack summary
Severity: high — Confirmed exfiltration of sensitive PII (athletes' personal data, UEFA officials' contacts) and evidence of operational system compromise (control machines, big screens); public disclosure of attack; no ransom demand suggests data already published or threatened.APT73 claims to have gained access to stadium systems including administrative machines, main control stations, big screens management systems, and databases containing footballers' personal data and UEFA contact information.
Data the group says was taken
AI dossier — extracted from the leak post- Footballers' personal data
- UEFA personal contact data
- Administrative machine access credentials
- Control systems data
- Big screens management systems
What the group claims
Italian stadium. Total machines accesses, main stations, footballers' personal data, UEFA personal contact data, big screens control machines. 1 ...
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

