I was told the convicted extornionist who carried out the hack created a fake almost replica UEFA email, eg
jimmy.grimble@uefaa.com.
He then sent an email to our IT using identical formatting, icons and fonts etc as UEFA. The fake email demanded access to the clubs email servers as part of a mandatory UEFA audit. Someone fell for it, God knows what happened to them, and granted the hacker a password
The criminal is considered to be a self taught computer genius and once in the system he used malware to rip a few GB of data.
Although considered admissible by CAS, the ruling made it clear the emails did NOT in anyway reflect actual events and were completely immaterial, another aspect never mentioned in a MSM report.