PARIS Saint-Germain (PSG), the famous French football club owned by Qatari investors, issued a warning to its fans regarding cyber attacks that affected the online ticketing service of the club last week.
Information was relayed to fans on Monday, April 8, although the incident had been discovered on April 3, as reported by Le Parisien.
The cyber attack occurred just before an important match between PSG and Barcelona in the Champions League quarterfinals. Despite being one of the clubs with the highest wages in Europe, PSG has never won this prestigious tournament.
Football clubs, like other large enterprises, are frequently targeted by cybercriminals seeking financial gains. For instance, Manchester United was a victim of ransomware attacks in 2020, and the Royal Dutch Football Union experienced a similar incident in 2023.
In a communication to fans, PSG disclosed that its IT department had detected unusual attempts to access the ticketing system. The club quickly addressed the vulnerability within 24 hours and implemented additional security measures.
PSG also informed the national data protection regulator, CNIL, about the incident. Under EU regulations, PSG could face fines if any negligence in customer data protection is proven.
The club assured fans that there is no evidence of data extraction or misuse by the attackers. However, the ticketing system contained personal information such as names, email addresses, phone numbers, and dates of birth.
“In this context and in compliance with the law, Paris Saint-Germain is obligated to notify individuals who may have been affected by this malicious activity,” the letter to fans stated.
Cyber attacks targeting football clubs and other major organizations pose a significant threat in today’s world. The PSG incident underscores that even entities with significant financial resources and robust security measures are not immune to cyber threats.