Ajax FC Hit by Data Breach
Amsterdam football club Ajax has confirmed a major security breach of its official website. Attackers exploited a vulnerability in an API to gain unauthorized access to a database containing the personal information of over 300,000 registered supporters. The hackers used a simple script to bypass security protocols without authorization. While data for only a few hundred individuals was directly viewed, the incident has raised significant alarm.
Extent of the Attackers' Access
The perpetrators had the capability to reassign or block more than 42,000 season tickets. Furthermore, the hackers could have altered or completely deleted the records of 538 supporters who are officially banned from entering the Johan Cruijff ArenA stadium. Ajax is now taking steps to patch the identified security flaws and strengthen its digital defenses to prevent similar incidents in the future.
The club has filed an official report with Amsterdam police and notified the Dutch Data Protection Authority about the breach. The police cyber unit is currently investigating a potential link between this attack and the recent takedown of the criminal forum LeakBase. This type of cyber incident is a growing concern for major sports organizations globally. Notably, this is not the first data security issue for Ajax; the club faced a similar problem on a fan platform back in 2021.
This incident highlights the escalating threat of cyberattacks in the sports industry, where fan personal data is an increasingly attractive target for criminals. It is crucial for sports organizations to implement robust measures to protect sensitive information and ensure system security. Ajax's response to this attack and its cooperation with law enforcement could serve as a model for other clubs worldwide facing similar challenges.