United confident fan data safe after cyber attack

LONDON • Manchester United have conducted forensic investigations following a "sophisticated" cyber attack on the Premier League club's computer systems and are working with the National Cyber Security Centre (NCSC) to assess the damage.

The Red Devils said they had experienced a cyber attack last week and had shut down affected systems to protect data, though the club's media channels, including their website and mobile app, were unaffected.

"The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand impact," a spokesman for the security agency told the British media.

United added the attack had not impacted match-day operations.

"Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations," the club said in a statement. "This attack was by nature disruptive, but we are not aware of any fan data being compromised. Critical systems required for matches at Old Trafford remained secure and games have gone ahead as normal."

United, who will travel to Southampton for their league game at St Mary's tomorrow, also said they would not comment on those responsible for the attack and refused to confirm media reports they received ransom demands from hackers.

According to the Daily Mail, hackers are demanding "millions of dollars", with United's network reportedly infected by ransomware. The BBC added that staff still have no access to their e-mail, and other functions remain unavailable.

It is not known who the criminals are. While United assured their fans that there has been no data protection breach, the club could face fines of £9 million (S$16 million), £18 million or two per cent of their total annual turnover from the independent government body, Information Commissioner's Office, if there is a leak.

In 2018, Manchester City's internal e-mails were hacked, leading to a Uefa investigation into financial fair play violations that resulted in a two-year Champions League ban that was overturned in July.

Warning that sports clubs are vulnerable to hackers, the NCSC told the Mail: "The business impact of ransomware attacks can be disastrous. Since 2018, ransomware attacks have been growing in impact. The criminals carrying out the attacks are taking more time to analyse victim networks and understand the 'value' of the target organisation."


A version of this article appeared in the print edition of The Straits Times on November 28, 2020, with the headline 'United confident fan data safe after cyber attack'. Print Edition | Subscribe