
Posted

Just received this email from the club, posting it here in case people don’t receive or check them

 

 

Dear customer,

We have immediately launched an urgent investigation into the theft of customer data from our retail website, shop.lcfc.com. Between 12:43pm on Tuesday 23 April 2019 and 10:49am on Saturday 4 May 2019 the security of our platform was compromised, exposing personal and financial details of customers who purchased merchandise during this period.

The breach has now been resolved and the security of our platforms has been fully restored. The police and other relevant authorities have been notified.

We are contacting all affected customers whose data may have been compromised. If you think you may have been affected by this incident, please contact your bank or credit card provider and follow their recommended advice.

The Club extends its sincerest apologies to all customers affected. We take the protection of our supporters’ data extremely seriously. Please be reassured that we will be investigating this breach thoroughly and taking all legal recourse against those responsible for this malicious attack on the Club's retail website.

We will provide further updates as appropriate upon the completion of our investigation.

Leicester City Football Club

 
 
Posted

I just got one of these emails. 

 

I bought some stuff online from the club shop during the affected period. 

 

I can't see any other transactions of concern on my account, so I don't think I actually have to *do* anything. 

Posted (edited)

They really should be telling you what information specifically may have been compromised. Why are card details even stored in their platform in the first place? That's a bit archaic.

Edited by Beechey
  • Like 1
Posted
7 minutes ago, Beechey said:

They really should be telling you what information specifically may have been compromised. Why are card details even stored in their platform in the first place? That's a bit archaic.

Yeah if they could publish all the names, addresses and bank details of everyone affected that would be great  :devil:

 

Posted
Just now, LinekersApples said:

I was robbed of 9.5m in the early noughties

 

£5m on Ade Akinbiyi, £3m on Matthew Jones and £1.5m on Trevor Benjamin

 

Mr.P Taylor (Dagenham)

Shouldn’t that be ‘mr m George ‘ ???

Posted
1 hour ago, Vacamion said:

I just got one of these emails. 

 

I bought some stuff online from the club shop during the affected period. 

 

I can't see any other transactions of concern on my account, so I don't think I actually have to *do* anything. 

 

 

Sorry, mate, I haven't got around to you yet...

  • Haha 1
Posted
7 minutes ago, Fightforever said:

Is everyone affected?

 

No.

 

2 hours ago, jammie82uk said:

We have immediately launched an urgent investigation into the theft of customer data from our retail website, shop.lcfc.com. Between 12:43pm on Tuesday 23 April 2019 and 10:49am on Saturday 4 May 2019 the security of our platform was compromised, exposing personal and financial details of customers who purchased merchandise during this period.

Unless you bought in this period, you're clear. 

  • Thanks 1
Posted
1 hour ago, Vacamion said:

I just got one of these emails. 

 

I bought some stuff online from the club shop during the affected period. 

 

I can't see any other transactions of concern on my account, so I don't think I actually have to *do* anything. 

The thing is, when these attacks happen they take all the details of everyone. Just because they haven't used yours yet doesn't mean they don't have them.

Posted
39 minutes ago, Beechey said:

They really should be telling you what information specifically may have been compromised. Why are card details even stored in their platform in the first place? That's a bit archaic.

If you've paid online, which is what it highlights was impacted, they need to keep a record of who's paid with what card to get the money from your account, which takes a few days, so details need to be kept to go check this.

Posted
33 minutes ago, Gamble92 said:

Absolute shambles 

Not really, do you ignore all the times banks and bigger companies get hacked and card info stolen? 

 

Most of the time, if people want to get into a system and have decent know-how, they'll get in.

Posted

I think the length of the breach tells you all that you need to know about how seriously the club appear to take online security. The setup behind the scenes at the club really isn't representative of one of the nation's leading football clubs. It's rather concerning given how much data they actually retain.

Posted
43 minutes ago, Beechey said:

They really should be telling you what information specifically may have been compromised. Why are card details even stored in their platform in the first place? That's a bit archaic.

Although it happens a lot, it may not be the case that they've stored them. It's possible to hack websites at the point where you submit your details, it also gets sent to the hackers. It's quite common but I'm not suggesting it is the case here, just another option.

 

1 minute ago, ian_marshall said:

I think the length of the breach tells you all that you need to know about how seriously the club appear to take online security. The setup behind the scenes at the club really isn't representative of one of the nation's leading football clubs. It's rather concerning given how much data they actually retain.

 As above, it may not be a full site intrusion. Using scripts to take details submitted by customers is harder to detect as everything looks normal and there won't be any logs on the systems etc. It happens a hell of a lot, to big companies as well as small.

  • Like 2
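
Added example, not part of any post in this thread: because a script that copies submitted details runs in the customer's browser and leaves nothing in server logs, one defensive check is to audit which scripts the checkout page actually loads. The page URL, hosts, policy and HTML below are constructed for illustration.

```javascript
// Added example: audit which scripts a checkout page loads.
// All hosts, URLs and HTML here are constructed for illustration.
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;

function attr(attrs, name) {
  const m = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, "i").exec(attrs);
  return m ? m[1] : null;
}

// List every script: external ones by resolved URL, inline ones by body.
function inventory(html, pageUrl) {
  const out = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    const src = attr(attrs, "src");
    if (src) {
      const url = new URL(src, pageUrl); // resolves relative and // URLs
      out.push({ kind: "external", url: url.href, host: url.host,
                 integrity: attr(attrs, "integrity") });
    } else if (body.trim()) out.push({ kind: "inline", body: body.trim() });
  }
  return out;
}

// Flag scripts outside the policy; each is a place a skimmer could live.
function audit(html, pageUrl, policy) {
  const pageHost = new URL(pageUrl).host;
  const findings = [];
  for (const s of inventory(html, pageUrl)) {
    let rule = null;
    if (s.kind === "inline") {
      if (!policy.knownInline.includes(s.body)) rule = "unknown-inline";
    } else if (!policy.allowedHosts.includes(s.host)) rule = "unlisted-host";
    else if (s.host !== pageHost && !s.integrity) rule = "third-party-without-sri";
    if (rule) findings.push({ rule, detail: s.url || s.body.slice(0, 40) });
  }
  return findings;
}

const PAGE_URL = "https://shop.example.test/checkout";
const POLICY = { knownInline: ["initCart();"],
  allowedHosts: ["shop.example.test", "pay.example.test", "cdn.example.test"] };
const SAMPLE_HTML = `<script src="/static/cart.js"></script>
<script src="https://pay.example.test/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.test/lib.js"></script>
<script src="//metrics.example.invalid/t.js"></script>
<script>initCart();</script>
<script>loadWidget("promo");</script>`;
console.log(audit(SAMPLE_HTML, PAGE_URL, POLICY));
```

A static audit like this only sees scripts present in the served HTML; scripts added at runtime need a Content-Security-Policy with reporting or a headless-browser crawl to show up.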
Posted (edited)
12 minutes ago, Kopic said:

Although it happens a lot, it may not be the case that they've stored them. It's possible to hack websites at the point where you submit your details, it also gets sent to the hackers. It's quite common but I'm not suggesting it is the case here, just another option.

 

 As above, it may not be a full site intrusion. Using scripts to take details submitted by customers is harder to detect as everything looks normal and there won't be any logs on the systems etc. It happens a hell of a lot, to big companies as well as small.

The attack you're mentioning is an injection attack (specifically XSS). If this has occurred I'm even more concerned about whoever is developing this website than before, because they're one of the simplest attacks to avoid, and one of the most common attacks.

 

I really hope it's not the case.

 

If what @UniFox21 is saying is true, and it's just a record of a purchase, then really, card details should not be in danger here - most stores will keep a note of some card information (mostly for say, end user records: "You bought x item for £x using card ending in 1234", and of course, administration back end uses), but not enough to mimic that card (always no security pin, and most of the time no expiration dates). I'm curious to know precisely what has been lost here.

Edited by Beechey
Posted
2 minutes ago, Beechey said:

The attack you're mentioning is an injection attack (specifically XSS). If this has occurred I'm even more concerned about whoever is developing this website than before, because they're the simplest attacks to avoid, and one of the most common attacks.

 

I really hope it's not the case.

I hope they release an RCA although it's probably doubtful. Will be a great concern if data was compromised by an injection attack.
