WEST HAM UNITED could face a data breach probe after a security snafu exposed the email addresses of season ticket holders.
Fans of beloved West Ham took to Twitter to complain about the screw-up, which saw the club accidentally CC the email address of more than 500 away season ticket holders in a message sent out to confirm tickets for next week’s League Cup clash at AFC Wimbledon.
West Ham’s email to away season ticket holders confirming their ticket for Wimbledon has cc’d in every single person who has got the ticket.
Massive data breach for a top PL club. Fine can be up to 4% of annual income. Hugely embarrassing for club.
— Jack Lebeau (@JackLebeau66) August 23, 2018
Incredibly, in a follow-up email sent six hours later to apologise for the error, the club accidentally shared fans’ email addresses again, according to a Twitter user.
West Ham sharing 500 odd email addresses. Tried to rectify it, and in doing so shared the addresses again.
Typical West Ham. Shambles.
— Nick Marsh (@MarshyBoy26) August 23, 2018
“You may have received an email that included a segment of email addresses of those who were also successful in the ballot,” the follow-up email read.
“The Club apologises that this information as inadvertently included and has reported this matter to the Information Commissioner’s Office (ICO).
“The email was recalled where possible and we ask that if you did receive this email to please disregard it immediately. Beyond your email address, no other information has been shared.”
Under the EU’s newly-enforced GDPR privacy rules, West Ham United could face a fine of up to 4 per cent of its global annual turnover if the ICO rules that the snafu breached the regulation.
“We are aware of an incident involving West Ham United FC and are making enquiries,” an ICO spokesperson said. µ
Source : Inquirer