French football giant PSG says hackers targeted its ticketing system

Paris Saint-Germain (PSG), the Qatari-owned French football club, has said that a cyberattack targeted its online ticketing system before Wednesday’s clash with Barcelona in the Champions League.

According to the club’s letter to the fans, first published by Le Parisien, the incident was detected last week and shared with supporters on Monday.

“Madam, Sir, on April 3rd, the Information Systems Department of Paris Saint-Germain was challenged by unusual access attempts to the club's ticketing system,” says the letter.

“Our teams detected a vulnerability, which they resolved in less than 24 hours. Additional security measures were immediately implemented.”

PSG says the club promptly informed the CNIL, the data protection authority for France, of the incident. Under the European Union’s data protection laws, the CNIL could fine PSG if the club was found to have been negligent in protecting customers’ data.

PSG says there is no evidence data has been extracted or exploited by a malicious third party but then warns the fans that the system held some of their personal data, including names, email and postal addresses, mobile phone numbers, and dates of birth.

Based on the description of the incident, it appears to have been a credential-stuffing attack. When executing such attacks, threat actors gather credentials that were exposed in data breaches and use them to log into other websites.

Football clubs, of course, are huge enterprises and are often targeted by cybercriminals. For example, the Royal Dutch Football Association was claimed by the infamous LockBit ransomware gang in 2023, and in 2020, a cyberattack hit Manchester United’s systems.

Back on the ground, police in London, Madrid, and Paris deployed additional forces and stepped up security measures this week after Islamic State threatened to target the Champions League quarterfinal matches, according to France’s interior minister Gerald Darmanin.

More from Cybernews:

Ft. Worth, Texas county agency hit by Medusa ransomware gang

Apple privacy protections called into question

The $100 cybersecurity budget – how cyber pros would spend it

Microsoft is certain its Arm-based AI PCs will outperform the newest MacBook Air

Regrets among some Apple Vision Pro users as headset sits unused

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked