Paris Saint-Germain (PSG), the Qatari-owned titan of French football, has informed its supporters that a cyberattack targeted the club’s online ticketing service last week.
The warning was shared with fans on Monday, although the incident was detected last week on April 3, according to the letter first published by Le Parisien newspaper.
It comes as the club prepares to face Barcelona on Wednesday in the quarterfinal of the Champions League, the continent’s premier competition. Despite reportedly having the highest wage bill in Europe, PSG has never won the competition.
As major enterprises, football clubs are regularly targeted by opportunistic financially motivated cybercriminals. Manchester United in England was hit by a ransomware incident back in 2020. At the national level, the Royal Dutch Football Association was a ransomware victim in 2023.
The letter PSG sent to fans informs them that the club’s IT department “was challenged by unusual access attempts to the club’s ticketing system.
“Our teams detected a vulnerability which they resolved in less than 24 hours. To this end, additional security measures were immediately implemented.”
According to the club, it informed the country’s data protection regulator, the Commission Nationale Informatique et Libertés (CNIL), on April 5.
Under EU-wide data protection laws, the CNIL could fine PSG if the club was found to have been negligent in protecting customers’ data.
The club said there is no evidence “data has been extracted or exploited by a malicious third party,” but warned fans that the system held a range of personal data including names, email and postal addresses, mobile numbers and dates of birth.
“In this context, and in accordance with the law, Paris Saint-Germain must inform people likely to be affected by this malicious act. This is the purpose of this communication,” the letter stated.