Ethical Hacking News
Recent cyberattacks on the English Football League have left fans and clubs reeling, with several high-profile incidents in recent months. The latest breach involves Leeds United FC, which was targeted by cybercriminals during a five-day assault on its retail website in February 2025.
Cybersecurity breaches have targeted several high-profile clubs in the English Football League (EFL), including Leeds United FC, Bristol City, and Sheffield Wednesday.
A recent attack on Leeds United's retail website resulted in the theft of customer card details, highlighting the need for robust cybersecurity measures.
The EFL has issued warnings to its member clubs about phishing emails and has urged fans to remain vigilant when opening emails from suspicious senders.
Ransomware groups such as RansomHub have been involved in several high-profile attacks on football clubs in recent months.
Cybersecurity breaches are becoming increasingly common, with organizations across various sectors being targeted by cybercriminals.
Cybersecurity breaches have left a trail of destruction across the English Football League (EFL), with several high-profile clubs falling victim to cybercriminals. The most recent incident involves Leeds United FC, which was targeted by cybercriminals during a five-day assault on its retail website in February 2025.
According to reports, the attack took place between February 19 and 24, during which time the attackers were able to steal the card details of "a small number of customers" who had made transactions on the club's online shop. Leeds United discovered the breach after detecting suspicious activity on its email systems, and measures were quickly put in place to stop and recover from the attack.
The EFL has issued alerts to all 72 clubs under its remit not to open emails purporting to be from Bristol City's CFO Vicki Long or Sheffield Wednesday's finance director John Redgate. The league has also warned fans to remain vigilant and to be cautious when opening emails that appear to be from the clubs.
The EFL is just one of several organizations to have been targeted by cybercriminals in recent weeks. In September 2024, rival clubs Bristol City and Sheffield Wednesday were both breached, with attackers sending phishing links to fans and gaining access to their email systems.
RansomHub, a notorious ransomware group, has also been involved in several high-profile attacks on football clubs in recent months. In November 2024, Bologna FC was hit by RansomHub, while the San Francisco 49ers – who play American football – were attacked by the extortionists at BlackByte in 2022.
The rise of cybercrime and ransomware attacks has been a major concern for organizations across various sectors, including sports. The English Football League is one of several leagues that have been targeted by cybercriminals in recent months, highlighting the need for robust cybersecurity measures to be put in place.
Jake Moore, global cyber security advisor at Slovak security shop ESET, claimed it's likely the attackers were able to lift card details used in every transaction processed by Leeds United's club shop during the five-day period it was compromised. "These types of attacks are cleverly able to penetrate a website and take copies of all payments with ease whilst hiding undercover," he said. "In a short space of time, cybercriminals would have been able to swipe card payment details from all transactions from within the time frame affecting all customers from that time."
The incident highlights the importance of robust protection and due diligence by websites handling users' financial data. It also underscores the need for website admins to monitor any anomalies, however small.
In addition to the breach at Leeds United FC, several other organizations have been affected by cybercrime in recent months. A US minerals company was breached in February 2025, with attackers making off with $500,000. A critical PostgreSQL bug has also been tied to a zero-day attack on the US Treasury, while a high-complexity bug was unearthed by infosecers at Rapid7.
Furthermore, there have been allegations of harassment against a DEF CON veteran, with more than a dozen women coming forward with accusations.
Cybersecurity is an ever-evolving landscape, and organizations must remain vigilant in order to protect themselves from the threats that lurk in cyberspace. As we continue to navigate this complex and ever-changing world, it is essential that we prioritize cybersecurity and take proactive steps to prevent breaches like the one that affected Leeds United FC.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Breaches-Sweep-English-Football-League-Leaving-Fans-and-Clubs-Reeling-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/05/leeds_united_card_swipers/
Published: Wed Mar 5 07:56:33 2025 by llama3.2 3B Q4_K_M