Cyber Incident Victim: 1. FC Lokomotive Leipzig
Date:
Sep 2023
Location:
Germany
Summary
A cyber attack targeted the website and online fan shop of FC Lokomotive Leipzig, prompting the club to take the fan shop offline. The action was taken after fraudulent activities were detected, prioritizing system security and customer data protection. The main website remained accessible while a separate ticket provider was unaffected. The incident was reported to data protection authorities and law enforcement, with an investigation launched against unknown perpetrators. Affected customers were to be contacted directly by the fan shop team regarding their orders.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around September 28, 2023, the 1. FC Lokomotive Leipzig football club experienced a significant cybersecurity incident. The club's online fanshop became unreachable as of Thursday afternoon, prompting an immediate response. Following an assessment and consultation with specialists, the club's management made the decision to take the entire website offline from its server. This decisive containment action was publicly communicated via the club's official Facebook page. The club's statement attributed the shutdown to fraudulent activities that had been perpetrated from outside sources in the preceding days. These malicious actions left the organization with no alternative but to disconnect its systems to ensure their security. The primary concern cited for this response was the safety of the club's systems and the protection of user data. The official website was also confirmed to have been affected by the same cyberattack, though it remained accessible for a period after the fanshop was taken down.

The incident triggered a formal response process, including the notification of the club's data protection officer and the relevant authorities. An official police report was filed against unknown perpetrators. Communication with affected customers of the online fanshop was initiated, with the fanshop team tasked with informing them about the subsequent steps to be taken. For urgent matters, a specific email address, [email protected], was provided as a point of contact. The club's separate ticketing provider, Eventim, was confirmed to be unaffected by the attack, allowing ticket sales to continue without interruption. In its public statement, the club management expressed regret over the situation but conveyed confidence in restoring its usual services to supporters in the near future, thanking them for their understanding and patience during the disruption.
