Image source, Getty Images
- author, James McCarthy
- role, BBC News
A cybersecurity breach has exposed the personal data of tens of thousands of Welsh Rugby Union Supporters' Club members.
According to technology website CyberNews, the personal information of around 70,000 people was leaked.
These include names, addresses, phone numbers, emails and payment details.
The WRU acknowledged there had been a leak but said the 70,000 figure was a result of duplicate data and the actual figure was likely lower.
The company denied that payment information was leaked.
According to the Cybernews website, the company's researchers used so-called “white hat” hacking techniques.
A white hat hacker is a hacker who non-maliciously seeks out information leaks and security flaws within an organization.
Vincentas Baubonis, head of security research at CyberNews, said leaking members' data would have “serious” security implications.
He said the technology could be used to target and defraud victims in phishing attacks.
The leaked emails and phone numbers could potentially be used to take over other accounts of WRU customers.
Baubonis said people could also be targeted through infected attachments or malicious links.
He also warned of the possibility of personal information leak attacks.
This is when personal information is made public with malicious intent.
“Bad actors could use this personal information to commit theft, robbery or physical intrusion,” Baubonis said.
The Welsh Rugby Union has confirmed that an investigation is ongoing into a suspected cyber security breach.
The company said the issue involved supporters club member data held by a third party and that it was investigating.
The company said it is working with a third-party service provider, who is conducting its own investigation.
“All this data has been removed from online sources and we can confirm that no passwords or payment details were leaked,” the spokesperson said.
“After a thorough review of all systems and processes, we found no other vulnerabilities or suspicious activity in WRU systems.”
