What happened?
We recently discovered that a hacker in the Netherlands unlawfully gained access to parts of our systems. Data was viewed. What we now know is that only the email addresses of a few hundred people were viewed. In addition, for fewer than 20 people with a stadium ban, their names, email addresses and dates of birth were accessed. A journalist also demonstrated that it was possible to transfer tickets to others and to modify stadium bans.
We have informed the individuals involved personally. If you have not been contacted by us, then your data has not been affected by this incident as far as we know.
What are the possible consequences?
For now, we know that access was gained to part of our systems and data, but at this moment we have no indication that the data has been further spread. Nevertheless, we remind everyone that it is always wise to stay alert for unwanted emails (spam) or phishing messages.
What have we done?
We immediately launched an investigation, with the help of external experts, into the cause and scope of the incident. We have patched the identified vulnerabilities and strengthened our security further. We have also notified the Dutch Data Protection Authority and filed a police report.
What can you do yourself?
We advise everyone once again to be extra alert to suspicious emails and never click on links or open attachments from unknown senders.
Questions or concerns?
We understand that this message may raise questions. We are ready to answer any questions you may have. Please feel free to contact us via Fancare. We offer our sincere apologies to everyone for these events and any inconvenience caused.