Cyber Incident Victim: Leicester City Football Club

On May 6, 2019, Leicester City Football Club experienced a network intrusion targeting its online merchandise store, resulting in the theft of customer financial data. The breach compromised payment card information including card numbers, cardholder names, expiration dates, and CVV security codes. The club notified affected customers via email in late May 2019, confirming the exposure of sensitive details but did not publicly disclose the incident until media inquiries emerged. Technical investigations remained ongoing at the time of reporting, with no root cause conclusively identified by the club. Leicester City informed the UK Information Commissioner's Office and law enforcement authorities in compliance with data protection regulations.

Cybersecurity experts cited in reports suggested the Magento ecommerce platform as a potential attack vector, with Magecart-style malware being a plausible method for skimming payment data during transactions. Multiple fans reported unauthorized credit card charges following purchases from the club's store, indicating active misuse of the stolen information. The club's public statement acknowledged the compromise but provided no specifics about the number of affected individuals or the duration of unauthorized system access. No ransomware or extortion demands were referenced in available reports. Leicester City did not respond to direct media questions about security measures in place at the time of the breach or whether third-party vendors were involved in the store's operations. The incident remained under investigation by relevant authorities with no final resolution disclosed in the immediate aftermath.