Scottish Football Association Suffers Third-Party Data Breach

“I’d rather be associated with being hacked by some porn site,” says one unhappy football fan

The Scottish Football Association (SFA) has suffered a serious data breach, with members of the Scotland Supporters Club, past and present, being sent phishing scam emails this morning.

The suspect emails were sent from the Scottish FA’s official email account and purported to include details of an invoice for £170, encouraging Scotland fans to click on a malicious link.

Phishing

The email read: “Please find attached invoice INV-01951 (Amended) for 170.00 GBP.

“This invoice was sent too early in error. The payment date should be 7th December 2016. Kindly accept our apologies for the oversight and for any inconvenience caused.

“The amount outstanding of 170.00 GBP is due on 07 Dec 2016.”

sfa-tweetsThe SFA posted a message on its website to warn fans, which read: “We would like to apologise to those who have received a spoof email this morning purporting to be from the Scottish FA.

“The email asks recipients to click a link where they can pay an outstanding bill.

“This has occurred due to a third-party email database being compromised.”

The SFA also urged all recipients of the email to delete it immediately and recommended that anyone who may have opened it run a security check on their computer to ensure no malware was installed.

The SFA added: “We would like to assure all supporters that no bank or credit card details have been shared.

“We have moved to delete this account and the issue has been raised with our suppliers.”

Scotland fans were quick to voice their concerns on Twitter.

One fan said: “I just got this – haven’t been a member in eight years. Not happy about my details being hacked.”

Another disgruntled fan added: “Good target for a scam us fans. Been forking out money to get nothing in return for years now.”

Another noted: “I’d rather be associated with being hacked by some porn site than the Scottish Football team at the moment.”

The SFA said it intends to provide a further update in due course.

How much do you know about hackers and viruses? Try our quiz!