WRU: Data of thousands of members leaked in cybersecurity breach
- Author, James McCarthy
- Role, BBC News
-
Data belonging to tens of thousands of Welsh Rugby Union supporters’ club members has been exposed in a cybersecurity breach.
Details of almost 70,000 people have been leaked, according to tech website Cybernews.
These include names, addresses, phone numbers, emails and payment details, it said.
The WRU said there had been a breach but said of the 70,000 figure, the data was duplicated, meaning the true number would be less.
It denied that payment information had been compromised.
Cybernews’ website says its researchers used so-called “white-hat” hacking methods.
A white-hat hacker is one who finds organisations’ leaks and security flaws without malicious intent.
Cybernews’ security research chief, Vincentas Baubonis, said exposing members’ data had “severe” security implications.
It could be used to target people in phishing attacks, he said, or to defraud victims.
Leaked emails and phone numbers could be used to take over other accounts belonging to WRU customers.
Mr Baubonis said they could also be targeted with infected attachments or malicious links.
And he warned of possible doxxing attacks.
That is when an individual’s information is published with malicious intent.
“Malicious actors may use these doxxed details for theft, burglary, or physical incursion,” Mr Baubonis said.
The Welsh Rugby Union confirmed an investigation was under way into a suspected cyber security breach.
It said it concerned the data of supporters’ club members held by a third party and that it was investigating.
It said it was working with that third party, a service provider, which was carrying out its own inquiry.
A spokesman said: “All of this data has since been removed from the online source and it has already been established that no password or payment information has been compromised.
“No other vulnerabilities or suspicious activities have been found in WRU systems after a thorough review of all systems and processes.”