Details of around 70,000 members leaked
The data of tens of thousands of Welsh Rugby Union Supporters Club members has been exposed in a cybersecurity breach.
According to tech website Cybernews, the details of nearly 70,000 people have been leaked.
This includes name, address, phone number, email and payment details.
The Women’s Resource Administration said there were indeed irregularities but said the 70,000 figure was duplicated, meaning the true number is lower.
The company denied that payment information had been compromised.
The Cybernews website said its researchers used so-called “white hat” hacking methods.
White hat hackers are those who, without malicious intent, discover leaks and security vulnerabilities in an organization.
Vincentas Baubonis, director of security research at Cybernews, said leaking member data poses “serious” security risks.
He said it could be used to target people in phishing attacks or to trick victims.
The leaked emails and phone numbers could be used to take over other accounts of WRU customers.
They may also be targeted with infected attachments or malicious links, Mr Baubonis said.
He also warned of the possibility of human doxing attacks.
This is when personal information is released with malicious intent.
“Malicious actors could potentially use this compromised information to conduct theft, burglary or physical intrusion,” Mr Baubonis said.
The Welsh Rugby Union has confirmed it is investigating a suspected cybersecurity breach.
The company said the matter involved fan club member data held by a third party and was investigating.
The company said it was working with a third-party service provider to conduct its own investigation.
A spokesperson said: “All of this data has been removed from the internet and it has been determined that no passwords or payment information were compromised.
“Following a thorough review of all systems and processes, no additional vulnerabilities or suspicious activity were identified within WRU systems.”
