Credential theft
Football Australia AWS S3 Bucket IAM Credential Exposure
Incident Details
Football Australia, the governing body for association football (soccer) in Australia, suffered a data breach when AWS IAM credentials were exposed in a misconfigured, publicly accessible Amazon S3 bucket. The exposed access key was a long-lived IAM user key (an AKIA-prefixed key, not a temporary STS role credential), so it stayed valid until it was rotated or deleted rather than expiring on its own. Researchers who discovered the issue in late 2022 found that the bucket contained AWS credentials, private keys, and backend source code alongside a cache of player and fan registration data. Exposed personal data included names, email addresses, physical addresses, phone numbers, and dates of birth for both registered players and football fans. The incident was part of a broader pattern of AWS credential mismanagement in Australian sports organizations and was investigated by the Office of the Australian Information Commissioner (OAIC).
Technical Details
- Initial Attack Vector: An AWS IAM access key was inadvertently exposed in a publicly accessible Football Australia S3 bucket, enabling unauthorized access to backend systems and customer data spanning football players and fans
- Vendor / Product: Amazon S3; Amazon Web Services (IAM)
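The check a practitioner would want after reading the attack vector above is a scan of bucket contents for AWS access key IDs, distinguishing long-lived IAM user keys (AKIA prefix) from temporary STS credentials (ASIA prefix) and noting whether a secret access key sits next to the key ID. The following is an added example and is not code from Football Australia, the researchers, or AWS; the object keys and file contents are constructed, and the key IDs and secret are the placeholder values AWS uses in its own documentation, not real credentials.

```python
import re
from dataclasses import dataclass

# An AWS access key ID is 20 characters: a 4-letter prefix plus 16 more.
# AKIA = long-lived IAM user key (valid until rotated or deleted),
# ASIA = temporary credential issued by STS (expires on its own).
KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
KEY_KINDS = {
    "AKIA": "long-lived IAM user access key",
    "ASIA": "temporary STS credential",
}
# A secret access key is a 40-character run of base64-style characters.
# Finding one near a key ID turns an identifier into a usable credential pair.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
SECRET_WINDOW = 3  # lines on either side of the key ID to look for a secret


@dataclass(frozen=True)
class Finding:
    object_key: str
    line_no: int
    access_key_id: str
    kind: str
    has_secret: bool


def scan_object(object_key: str, body: bytes) -> list[Finding]:
    """Find AWS access key IDs in one object and note whether a secret sits nearby."""
    lines = body.decode("utf-8", errors="replace").splitlines()
    findings = []
    for idx, line in enumerate(lines):
        for match in KEY_ID_RE.finditer(line):
            key_id = match.group(1)
            lo, hi = max(0, idx - SECRET_WINDOW), idx + SECRET_WINDOW + 1
            window = "\n".join(lines[lo:hi])
            findings.append(Finding(
                object_key=object_key,
                line_no=idx + 1,
                access_key_id=key_id,
                kind=KEY_KINDS[key_id[:4]],
                has_secret=SECRET_RE.search(window) is not None,
            ))
    return findings


def scan_bucket(objects: dict[str, bytes]) -> list[Finding]:
    """Scan a mapping of object key -> object body (a listing already downloaded)."""
    findings = []
    for key, body in objects.items():
        findings.extend(scan_object(key, body))
    return findings


def severity(finding: Finding) -> str:
    """A long-lived key with its secret is the worst case: it works until someone rotates it."""
    if finding.access_key_id.startswith("AKIA"):
        return "critical" if finding.has_secret else "high"
    return "high" if finding.has_secret else "medium"


# Constructed sample listing (hypothetical object keys and contents). The key IDs and
# secret below are the placeholder values from AWS documentation, not real credentials.
SAMPLE_OBJECTS = {
    "backend/.env": (
        b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        b"DB_HOST=db.internal\n"
    ),
    "backend/debug_notes.txt": (
        b"Session creds from yesterday, token expired:\n"
        b"ACCESS_KEY=ASIAIOSFODNN7EXAMPLE\n"
    ),
    "exports/players.csv": b"name,email,dob\nJane Citizen,jane@example.com,1990-01-01\n",
    "README.md": b"Keys starting with AKIA must never be committed.\n",
}

if __name__ == "__main__":
    for f in scan_bucket(SAMPLE_OBJECTS):
        print(f"{severity(f):8} {f.object_key}:{f.line_no} {f.access_key_id} "
              f"({f.kind}, secret nearby={f.has_secret})")
```

Any AKIA finding with a secret nearby should be treated as an active credential: disable it first (`aws iam update-access-key --access-key-id <id> --status Inactive`), review CloudTrail for use of that key, then delete it and issue replacements; an ASIA key on its own is less urgent because it expires and is unusable without its session token, but it still shows that temporary credentials were being written to disk.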
Timeline
- 2022-01-01 Breach occurred
- 2022-11-15 Publicly disclosed
- 2022-11-15 Customers notified