Back to Data breach

Data breach

Data breach on official Leicester City Football Club (LCFC) website compromises financial information of customers.

leicester-city-football-club-data-breach

On May 31, 2019, English football club, Leicester City Football Club (LCFC), announced that the financial data of its supporters who made purchases on its official website was breached. The compromised information included card numbers, names of card holders, expiration dates, and CVV numbers.

What happened?

Between April 23 and May 6, 2019, hackers accessed the LCFC official site's database, which contained the payment information of customers who shopped on its online store. All customer credit card details were compromised, except those that used SecureCode, MasterCard's optional authentication feature for online transactions. LCFC has not revealed the exact number of affected customers, so the extent of the damage is still unknown.

To comply with GDPR regulations, the football club notified potentially affected users about the breach as well as the police and the Information Commissioners Office (ICO), which is currently investigating the breach. With the help of a cybersecurity team, the club has reviewed their security systems and implemented strong security measures for their other online sites, too.

Threats are everywhere, and it's important to be prepared for such incidents. If you want to avoid disasters like these and stay out of the news for the wrong reasons, investing in a comprehensive SIEM solution like ManageEngine Log360 is key. Download a 30-day, free trial to start combating internal and external security attacks.

How ManageEngine can help:

Log360, our comprehensive SIEM solution, can help your organization by:

  • Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
  • Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database, through which it can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. Its global IP threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open-source threat feeds and updated daily.
  • Finding potential insider threats with its user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user, and then notifying security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, Log360 employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
  • Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raising incidents as tickets to specific technicians in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.

Download a free trial of Log360 to see the tool in action for yourself.

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.