Dutch law enforcement agencies have arrested a 35-year-old man for hacking into the systems of football club Ajax and stealing the personal details of hundreds of fans.
Dutch Police announced last week that the 35-year-old man was arrested from his residence in the municipality of Buren following investigations into a major data breach reported by the Amsterdam-based football club.
Earlier this year, Ajax football club issued a club statement to reveal that an unauthorised third party based in the Netherlands had gained temporary access to some of its computer systems.
The club said the third party was able to view the email addresses of a few hundred people as well as names, email addresses and dates of birth of fewer than twenty people who were serving stadium bans. The club also admitted that it was possible for the hacker to transfer tickets to others and modify the status of stadium bans.
“We immediately launched an investigation, with the help of external experts, into the cause and scope of the incident,” Ajax said. “We have patched the identified vulnerabilities and strengthened our security further. We have also notified the Dutch Data Protection Authority and filed a police report.”
“For now, we know that access was gained to part of our systems and data, but at this moment we have no indication that the data has been further spread,” the club continued. “Nevertheless, we remind everyone that it is always wise to stay alert for unwanted emails (spam) or phishing messages.”
Ajax’ statement arrived shortly after Dutch news agency RTL reported that the data breach at Ajax was caused by a vulnerability that enabled an attacker to access the personal data of more than 300,000 registered fans, including 538 supporters who were serving stadium bans at the time.
RTL claimed that an attacker could steal or transfer more than 42,000 season tickets and demonstrated it by transferring Ajax director Menno Geelen’s season ticket to the journalist who investigated the hack. “The season ticket holder can do nothing to prevent the theft, as the card suddenly disappears from the account and can no longer be used,” it said. An attacker could also revoke stadium bans and modify the personal information of fans who were serving stadium bans.
“Regarding the unlawful forwarding of tickets and access to stadium bans, we now know that this is no longer possible in the manner demonstrated by your investigation,” Geelen told RTL News. “Although the number of people affected appears limited, we have sent an email not only to them, but to all ticket holders, to alert them to this incident, offer apologies, and ask them to be and remain vigilant for suspicious emails.”
Dutch Police said that after arresting the 35-year-old man from his residence, authorities conducted a raid at his residence and confiscated several data storage devices which possibly connected him to the data security incident at Ajax.
“With the announcement of the arrest, the police wish to emphasize the importance of filing a report. Data from reports provides the police with new insights and generates evidence to track down cybercriminals,” the police said.
Click Here For The Original Source.
