Leicester City data breach puts fan’s financial data at risk
A data breach has compromised the personal and financial details of supporters registered with Leicester City Football Club (LCFC). The Leicester City data breach impacts customers signed up to its online fan store. Cardholder names, card expiry dates, card numbers, and the three-digit CVV anti-fraud numbers are all at risk.
What do we know about the Leicester City data breach?
Cybercriminals gained access to the club's systems between 23 April and 4 May. Customers who made purchases during this time could now be at risk.
The club has notified the relevant authorities, including the Information Commissioner's Office (ICO). It is obligated to do this by law.
Affected supporters have also been told through an official club notice. Speaking to Leicester Mercury, a spokesperson for LCFC said:
"Upon discovery of the breach, the security of our retail platform was immediately restored and appropriate measures were taken to ensure the security of all other online assets."
"In line with its GDPR responsibilities, the club informed all necessary parties - including potentially affected users, the police and the Information Commissioners Office (ICO) - and launched an immediate investigation into the source of the breach.
"The investigation is currently on-going. The club has been in direct contact with all users that were potentially affected by this breach."
What will happen now?
The ICO has confirmed it is investigating the Leicester City data breach. If LCFC is found to be negligent in the handling of fan data, under the GDPR it could face a substantial fine.
However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. So, if your data was put at risk by the club, you should now make a data breach compensation claim.
The impact of a data breach can be devastating
A data breach can lead to financial fraud and identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.
And, even if nothing has been done with that information as yet, it doesn't mean the data is safe. Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. We have seen cases where the impact only became clear months later. This is often because data stolen is used in batches over time.
What's more, even if you haven't lost out financially after a data breach, this doesn't mean that there is "no harm done." A data breach can lead to distress and psychological trauma. And, like the financial losses, the full impact often isn't felt until much later.
What should you do now?
If you are concerned that your data might be at risk following the Leicester City data breach, you should take appropriate steps to protect yourself. Find out more about how to do this here.
Make a Leicester City data breach compensation claim
At Hayes Connor Solicitors, we help our clients with their compensation claims. We do this after their data was put at risk by the organisations they trusted to look after it.
If you have suffered damage or distress caused by the Leicester City data breach, you have a right to claim compensation. At Hayes Connor Solicitors, we've been helping people to do just that for over 50 years. So we know what it takes to make a successful data breach compensation claim.
Crucially, while you might support LCFC, it is vital that they meet their obligations when it comes to protecting your sensitive data. Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often organisations are insured against data breaches, so you don't have to worry about the impact on the team you support.
For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.