Wide of the net: Football Association of Ireland says player, manager data safe after breach

It was a game of two halves

The Football Association of Ireland (FAI) has confirmed it suffered a security breach of its payroll systems, which was discovered last month, saying no staff data had been compromised.

It was previously feared that hackers could have stolen bank details for leading FAI employees and officials, like Ireland manager Mick McCarthy, and staff were told to monitor their bank accounts for unusual activity – but it looks like cyber-crooks failed to exfiltrate their bounty.

The FAI confirmed that at the source of the recent hacking attempt was a malware infection that was targeting payroll systems at its Abbotstown headquarters and was discovered over the June Bank Holiday.

Football goes into the net/ photo by shutterstock

Own goal for Leicester City FC after fan credit card details snatched in merch store hack


The organisation previously told the Irish Independent that these systems stored names, salaries, contact details, bank account details and Personal Public Service numbers of staff.

"Upon becoming aware of the incident, the FAI immediately engaged external computer forensic experts to assist with investigating the incident," the org said in a statement issued on Wednesday to all current and former staff.

"These investigations found malware on a payroll server but the FAI have assured staff, and former staff, today that there is no evidence of any of their data being extracted from the server."

In the latest statement, the football body noted that all payment data was actually stored off-site, and details relating to ticket sales were handled by a third party, and were thus not affected. Nor was the FAInet system that handles player registration details, introduced in 2016, it said.

"The FAI have treated this matter very seriously and are focused on closing out this incident and preventing any further security incidents," the org added.

The episode can serve as a great example of how to comply with GDPR: the FAI got in touch with the Irish Office of the Data Protection Commission as soon as the breach was discovered – even though there was a chance it could turn into a huge PR disaster. It also informed the police service.

"The Office of the Data Protection Commission has been notified of the incident as well as our efforts to ensure that no data subjects were adversely impacted," the FAI said. ®

Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021