England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site.
The threat actor allegedly stole 129GB of data from the organization’s systems and announced that it will soon publish the files, unless a ransom is paid.
England Hockey is aware of the threat actor’s claims and has prioritized an inquiry that involves both internal teams and external experts to determine what happened.
“We are aware of an incident involving England Hockey and are currently investigating the matter as a priority,” the field hockey organization said in a statement for BleepingComputer.
“As part of this investigation, we recently became aware of a post from the group claiming to be responsible for this incident,” a representative said.
“We are working with external specialists to help understand what this means. We are also cooperating with all relevant authorities, including law enforcement,” England Hockey
The organization is responsible for running, regulating, and developing the sport of field hockey nationwide, from grassroots participation to elite national teams. It has a membership of more than 800 clubs across the country, 150,000 registered club players, and 15,000 coaches, umpires, and officials.
England Hockey states that it cannot comment on specific details at the moment because of the ongoing investigation.
“We take data security matters extremely seriously, and understanding what, if any, data may have been impacted in this incident is a top priority of our ongoing investigation,” assured England Hockey.
Source: BleepingComputer
AiLock is a relatively new ransomware operation that engages in double-extortion attacks. It was documented on April 1st, 2025, by researchers at cybersecurity company Zscaler, who noted that the threat actor was “leveraging sophisticated extortion tactics targeting enterprise networks.”
The hackers reportedly use privacy law violations as leverage in negotiations. They give victims 72 hours to respond and start negotiating, and wait five days for the payment under the threat of leaking stolen data and destroying recovery tools.
According to past analysis from S2W Talon’s researcher Huiseong Yang, the ransomware uses ChaCha20 and NTRUEncrypt to lock files, appending the .AILock extension to the encrypted copies, and leaving ransom notes in all impacted directories.
While England Hockey hasn’t confirmed a data breach yet, players in the country should be vigilant for suspicious account activity and phishing attempts, and treat unsolicited communications with caution.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
