Data breach: West Ham United accidentally exposes hundreds of fans’ email addresses
West Ham United suffered a data breach yesterday when it accidentally shared hundreds of season ticket-holders’ data with one another.
UK data protection watchdog the Information Commissioner’s Office (ICO) is looking into the breach at the club, whose staff’s email blunder resulted in up to 200 supporters seeing each other’s details.
Read more: 20,000 Superdrug customers targeted by cyber criminals
Supporters called it “hugely embarrassing”.
https://twitter.com/JackLebeau66/status/1032604818437746690
https://twitter.com/MarshyBoy26/status/1032619681063030785
The error occurred when West Ham emailed away season ticket-holders to confirm they have tickets for the club’s League Cup match next week against AFC Wimbledon.
City A.M. understands that no personal information aside from the email addresses was exposed. The club has apologised to affected supporters and reported the breach to the ICO today.
West Ham declined to comment.
The breach occurred under new data protection rules that allow regulators to issue maximum fines of £17m, or four per cent of an organisation’s turnover.
The new Data Protection Act came into force in May and mirrors the EU’s General Data Protection Regulation, which toughens rules governing organisations’ use of people’s personal data.
“We are aware of an incident involving West Ham United FC and are making enquires,” an ICO spokesperson said.
The regulator is also investigating a breach at Dixons Carphone affecting 10m customers and a Ticketmaster incident that hit up to 40,000 people.
Read more: Old foes Emery and Pellegrini meet again in London derby