Leeds United football club recently became the victim of a cyberattack that targeted its retail website between February 19 and 24. Fans of the club received alarming emails notifying them that their card details had been compromised during the attack. This breach marked an unusual and distressing turn of events for supporters, as it is typically only match-related frustrations they face. The club expressed deep frustration over the breach, stating that the attackers had managed to bypass multiple layers of cybersecurity protections. In response, Leeds United assured their supporters that steps were taken to address the issue and prevent further damage.
The club quickly acted by engaging a specialist third-party firm to conduct a forensic investigation into the incident. The investigation aimed to determine how the attackers gained access to customer data and to prevent any future occurrences. Leeds United emphasized that control over the systems was regained as soon as possible. Following the discovery of the breach, the club apologized to those affected by the incident, ensuring that they would take all necessary steps to address the issue. The club also confirmed that they are continuing to work with the Information Commissioner’s Office to ensure compliance and follow the necessary procedures.
Leeds United’s experience is not an isolated case, as other football clubs have also been targeted in recent months.
The Mail Online reported similar incidents involving Sheffield Wednesday and Bristol City, both of which had experienced cyber-attacks. In these cases, fans reported receiving suspicious emails from the clubs, with some being misled by fake communications claiming orders had been despatched. In both attacks, phishing emails were sent from cybercriminals impersonating senior figures at the clubs, including the finance director and chief financial officer.
These incidents demonstrate that cyber-attacks are increasingly targeting sports organizations, and they highlight the vulnerability of both clubs and their fans.
This wave of cyberattacks against football clubs calls attention to the growing need for improved cybersecurity across the sports industry. The increased frequency of these incidents indicates that attackers are focusing on vulnerable organizations that store valuable personal and financial data. As cybercriminals target football clubs for sensitive customer information, it is crucial that these organizations invest in stronger security measures. The Leeds United breach, along with similar attacks on other clubs, serves as a reminder for the industry to prioritize cybersecurity, protecting both their supporters’ data and their own reputations in an increasingly digital world.
Reference:
