Manchester United played West Bromwich Albion as scheduled on Saturday, despite a recent cyber-attack on United, officials said. The football club has enlisted the help of cybersecurity pros to investigate what appears to be a targeted attack.
United said it took swift action to contain the incident, although it found no signs of any breach of personal data.
The club is now “working with expert advisers to investigate the incident and minimize the ongoing IT disruption,” it said in a press release last week, right before its friendly game against West Bromwich Albion.
“Club media channels, including our website and mobile app, are unaffected and we are not currently aware of any breach of personal data associated with our fans or customers,” the club said. “All critical systems required for matches to take place at Old Trafford remain secure and operational and tomorrow’s game against West Bromwich Albion will go ahead.”
While it refuses to answer media inquiries, United has disclosed one key detail about the incident – that it was by no means accidental.
“Although this is a sophisticated operation by organized cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this risk,” it said Friday. “Our cyber defenses identified the attack and shut down affected systems to contain the damage and protect data.”
The Register was eager to learn what type of cyber threat United faced last week (i.e. ransomware) but the spokesman reportedly said “there was nothing further to add at this stage,” according to the news site.
Considering the British site’s reporting, one might think the club is overly secretive about the hack on its systems. However, it’s common to withhold all technical details pertaining to a cyber-incident until at least the initial investigation unfolds.
Right now, the important thing is the actors behind the attack don’t seem to have obtained anything valuable from the hack. That being said, it’s not out of the question that any potentially stolen data will surface on the dark web at some point. After all, not being “aware” of any breach of personal data doesn’t mean it hasn’t happened.