Manchester United resists ‘sophisticated’ cyber attack
The incident was contained and the football club suffered no customer data loss or service disruption
Manchester United Football Club has disclosed a ‘sophisticated’ attempt to compromise its digital systems by organised cyber criminals.
The cyber attack forced the football club to bring in third-party advisors to investigate the incident and minimise the IT disruption caused, which the club described as “ongoing” when revealing the attack on Friday evening.
The football club’s social media channels, including its website and mobile app, were unaffected, and as things stand there’s no indication that any personal data was compromised. Critical matchday systems, meanwhile, remained operational and the game against West Bromwich Albion went ahead as normal.
“The club has taken swift actions to contain the attack and is currently working with expert advisers to investigate the incident and minimize the ongoing IT disruption,” Manchester United said in a statement.
“Although this is a sophisticated operation by organized cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this risk. Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data.”
The footballing industry is rife for all kinds of cyber attacks, from phishing to intrusion, for a number of reasons including the sums of money that clubs at the highest level handle.
In July, for instance, the National Cyber Security Centre (NCSC) called for greater security awareness among the sport’s elite clubs and individuals after several scares in recent months and years. As part of the NCSC report, it was revealed the managing director of an unidentified Premier League football club narrowly avoided losing £1 million during a transfer window after their email account was targeted by hackers.
Fellow Premier League rivals Leicester City Football Club suffered a breach in June 2019 meanwhile, in which hackers made away with financial details of a handful of supporters, including card numbers and CVV security codes.