The governing body for field hockey in England has launched an urgent investigation after cybercriminals claimed to have compromised its systems and stolen sensitive data.
England Hockey confirmed it is examining allegations from the AiLock ransomware gang, which listed the organization as a victim on its data leak site. The threat actors claim to have exfiltrated 129GB of data and are threatening to publish the files unless a ransom is paid.
"We are aware of an incident involving England Hockey and are currently investigating the matter as a priority," the field hockey organization said in a statement.
%20(1)%20(1).webp)
The organization became aware of the cybercriminals' public claims during their ongoing investigation. "As part of this investigation, we recently became aware of a post from the group claiming to be responsible for this incident," a representative said.
England Hockey has mobilized both internal teams and external cybersecurity specialists to assess the situation. "We are working with external specialists to help understand what this means. We are also cooperating with all relevant authorities, including law enforcement," the organization stated.
The potential breach affects a significant sporting organization that oversees field hockey across England. England Hockey manages more than 800 clubs nationwide, serves 150,000 registered club players, and coordinates 15,000 coaches, umpires, and officials.
Officials emphasized their commitment to data protection while acknowledging the limitations of commenting during an active investigation. "We take data security matters extremely seriously, and understanding what, if any, data may have been impacted in this incident is a top priority of our ongoing investigation," England Hockey assured.
The AiLock ransomware operation represents a relatively new but sophisticated threat in the cybercriminal landscape. Security researchers at Zscaler first documented the group on April 1st, 2025, noting that the threat actor was "leveraging sophisticated extortion tactics targeting enterprise networks."
The ransomware group employs double-extortion tactics, combining data theft with system encryption. According to cybersecurity analysis, AiLock uses privacy law violations as additional leverage during ransom negotiations.
The threat actors follow a specific timeline for their attacks, giving victims 72 hours to respond and begin negotiations. They then allow five days for payment before threatening to leak stolen data and destroy recovery tools.
Technical analysis reveals that AiLock ransomware uses advanced encryption methods, specifically ChaCha20 and NTRUEncrypt algorithms to lock files. The malware appends the .AILock extension to encrypted files and leaves ransom notes throughout compromised systems.
While England Hockey has not yet confirmed whether a data breach actually occurred, the incident highlights growing cybersecurity threats facing sporting organizations. The investigation continues as officials work to determine the full scope of any potential compromise.
Field hockey players and stakeholders should remain vigilant for suspicious account activity and potential phishing attempts while the investigation proceeds. The case underscores the importance of robust cybersecurity measures for organizations managing large member databases and sensitive personal information.