Police arrest man following hack of Ajax football club
Graham CluleyArchived May 29, 2026✓ Full text saved
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.
Full text archived locally
✦ AI Summary· Claude Sonnet
INDUSTRY NEWS
2 min read
Police arrest man following hack of Ajax football club
Graham CLULEY
May 29, 2026
Promo
Protect all your devices, without slowing them down.
Free 30-day trial
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk.
According to a Dutch police statement, the unnamed suspect was arrested on Tuesday in Buren, on suspicion of repeatedly gaining unauthorised access to Ajax's IT systems.
When news of a possible security breach at Ajax first broke earlier this year, the club was keen to play down its scale - acknowledging that an outsider had gained unauthorised access to data, including supporters' email addresses, but suggesting that only a few hundred fans had been affected.
However, it quickly emerged that the claim of a "few hundred" potential victims was wide of the mark, as it was reported that the incident could have exposed the personal details of around 300,000 registered Ajax supporters.
In short, the number of supporters whose details were exposed was around 1000 times larger than the club's initial estimate.
The problem was linked to security weakness in the official Ajax app - used by fans to access their tickets, and allowing an attacker to reportedly view fans' personal details, steal and resell match and season tickets, and even view or alter information about the roughly 500 people banned from attending matches.
For that last capability to fall into the hands of unauthorised parties was particularly troubling. It transpired that someone could silently remove individuals from the ban list (which would include those banned due to hooliganism)- or add the names of innocent people to it.
As Bart Schermer, the professor of privacy and cybercrime at Leiden University, pointed out, a prospective employer might think twice about hiring someone banned from attending football matches - leading to the possibility that the vulnerability in Ajax's app could be weaponised against individuals.
Ajax says that it has worked with external experts to patch the vulnerabilities, and has strengthened its security. Which is obviously good news, but little relief for those whose data might have already been accessed.
It is easy to imagine that just a database of email addresses linked to football fans could be attractive to scammers who might launch phishing attacks posing as ticket offers, refunds, or special promotions to supporters.
TAGS
industry news
AUTHOR
Graham CLULEY
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all posts
RIGHT NOW
TOP POSTS
SCAM
HOW TO
Scammer phone number lookup. How to check if a phone number is a scam
April 19, 2024
INDUSTRY NEWS
How any Instagram account could be hacked in less than 10 minutes
July 15, 2019
SCAM
DIGITAL PRIVACY
HOW TO
How scammers gain access and hack your WhatsApp account and what you can do to protect yourself
May 01, 2024
INDUSTRY NEWS
DATA BREACH
Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data
April 14, 2026
FOLLOW US ON
SOCIAL MEDIA
YOU MIGHT ALSO LIKE
INDUSTRY NEWS
Police arrest man following hack of Ajax football club
Graham CLULEY
May 29, 2026
2 min read
INDUSTRY NEWS
MyPillow listed on ransomware gang's leak site, but denies it has been breached
Graham CLULEY
May 28, 2026
2 min read
INDUSTRY NEWS
FBI warns criminals impersonating IT support to breach law firms
Silviu STAHIE
May 28, 2026
3 min read
BOOKMARKS
You have no bookmarks yet. Tap to read it later.