UK’s cyber security agency assisting Manchester United after attack
The UK’s cyber security agency is assisting Manchester United over a cyber attack earlier this month which has left the football club unable to yet fully restore its computer systems.
The Premier League club confirmed the hacking on November 20 and said it was not “aware of any breach of personal data associated with our fans and customers”.
As of Thursday night, club staff still did not have access to email, and some other functions were also unavailable.
The National Cyber Security Centre (NCSC) is now assisting the team.
A spokesperson said: “The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand impact.”
On Thursday, the Premier League side reiterated they were not currently aware of any fan data being affected.
In a statement, United said: “Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations.”
Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal
The club said it would not comment on who was “responsible for this attack or the motives”.
The statement continued: “This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.
“Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.”
Last week, United informed the Information Commissioner’s Office, as required.
They could face a fine from the data regulator if fan data is compromised as a result of the cyber attack.
On November 13, Ticketmaster was issued a £1.25 million fine for failing to keep its customers’ personal data secure in a 2018 attack.
Earlier this month, the NCSC’s annual review showed the organisation defended the UK from more than 700 cyber attacks over the last year.
It noted a rise in the number of ransomware attacks – where attackers lock access to data until a ransom is paid – being deployed.
The NCSC said it dealt with more than three times as many ransomware incidents compared with last year and noted that criminals were changing their approach during such attacks to increasingly threaten to leak information publicly unless payment is made.
United’s network has been affected by ransomware, the Daily Mail reported.
The NCSC’s report also revealed it had scanned more than one million IP addresses linked to the NHS for vulnerabilities as part of efforts to protect the health service.
Out of 723 cyber incidents between September 2019 and the end of August this year handled by the agency, 194 were directly linked to the coronavirus pandemic.