Leeds United Football Club has recently found themselves in a situation where they had to communicate some unpleasant news to their supporters. Following a cyber-attack on the club’s retail website back in February, the club had to inform a number of fans that their card details may have been compromised during the breach.
In an official statement released on their website, Leeds United expressed their frustration at the attackers managing to bypass their cybersecurity measures. They assured supporters that a forensic investigation had been conducted by a specialist third party once the breach was discovered, and steps were taken to stop the attack and regain control of their systems. The club also disclosed that they are working closely with the Information Commissioner’s Office to address the issue.
Unfortunately, this incident is not an isolated case in the football world. Earlier in the season, two other clubs in the same tier as Leeds United, Sheffield Wednesday and Bristol City, also fell victim to cyber-attacks. Fans of Bristol City reported receiving suspicious emails from the club, similar to the phishing emails sent out from senior figures at Sheffield Wednesday. These incidents highlight the vulnerability of football clubs to malicious cyber activities.
The circumstances of the attack on Leeds United bear a resemblance to a previous incident involving the NFL team, The Green Bay Packers. In that case, a threat actor hacked the team’s online retail store and stole customers’ personal and payment information. The club offered credit monitoring and identity theft restoration services to affected customers as a goodwill gesture.
Security experts have commended Leeds United for their swift response to the cyber-attack. Javvad Malik from KnowBe4 praised the club for their handling of the incident and emphasized the importance of cybersecurity awareness in the sports industry. James McQuiggan, also from KnowBe4, advised individuals to be proactive in monitoring their financial accounts to prevent fraudulent activity by cybercriminals.
In a blog post by Tripwire, it was pointed out that attackers target individuals and organizations indiscriminately to gain access to valuable information and credentials. Given the large customer base of major football clubs, they are attractive targets for cybercriminals looking to exploit vulnerabilities and capitalize on the loyalty of supporters.
As the investigation into the cyber-attack on Leeds United continues, fans are urged to remain vigilant and take necessary precautions to protect their financial security. The incident serves as a reminder of the importance of cybersecurity measures in an increasingly digital world, especially in industries with a high level of public engagement like professional sports clubs.