West Ham appears to have accidently leaked personal data of supporters on its official website, potentially leaving fans exposed to phishing attacks.
The news was first reported by Forbes on 9th March which revealed that multiple details of fans including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into their accounts on the club’s ticketing website.
The article stated that the official club website showed several error messages earlier today, including an admin message stating “Drupal already installed.” After the author created an account on the site and re-logged in with their credentials, the personal details of another West Ham supporter were displayed.
The news was repeated the following week by the Government’s National Cyber Security Centre which is part of GCHQ Weekly Threat Report 12th March 2021 – NCSC.GOV.UK
Claret and Hugh understand that a a very small number of fans were involved with a club insider calling it a unique and isolated error, which was resolved within minutes of it coming to the club’s attention, at the start of the month.
They says it was triggered due to a third party service provider making technical alterations to the site. A thorough review of this issue has been conducted with this third party, and further security measures have been implemented to ensure the issues experienced by a very small number of users, in single digits, are not repeated. The Club has directly communicated with those affected.
Who has lost their job now?
Incompetent.