back to article Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'

Manchester United is working with infosec pros to "minimize the ongoing IT disruption" that it says was caused by an assault on its tech systems. The New York Stock Exchange-listed football business confirmed the incident last night but didn't clarify the technical nature of it, and refused to answer questions posed by The …

  1. Disgusted Of Tunbridge Wells
    Facepalm

    > As such, today's game against West Bromwich Albion took place as scheduled.

    Took place? It better not have, I'm watching it at 8pm tonight.

    1. Martin Summers Silver badge

      Your username would suggest that you know exactly what to do if it did get changed without notice.

      1. Disgusted Of Tunbridge Wells

        Is Royal Tunbridge Wells known for its bonfires?

        1. Martin Summers Silver badge

          Well, providing the fuel for one I guess.

          1. Disgusted Of Tunbridge Wells
            Mushroom

            My comment was a reference to a Man Utd fan chant about the (hated) CEO and owners.

            Build a bonfire, build a bonfire, put the Glazers on the top, put Ed Woodward in the middle and burn the f*cking lot.

  2. Doctor Syntax Silver badge

    Why just stop at one of them?

    No, not a fan, why do you ask?

  3. Anonymous Coward
    Anonymous Coward

    Rehearsed?

    That sounds like the kind of line to come out of a manager that rewrote what he heard from another manager who asked the IT guy what to say.

  4. Khaptain Silver badge
    Trollface

    High tech attacks

    ""While details of this incident are unclear, since the outbreak of COVID-19 we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems."

    After a deep analysis and audit it was found that there were at least three emails recivzd by upper management that contained confidential information from Nigerians offering large sums of money in return for a simple task. The audit did not successfully manage to determine who actually opened the attachment but is was noted that the high end laptop was used by someonz at the CEO level or above.

    1. FlamingDeath Silver badge

      Re: High tech attacks

      So basically your average garden variety sociopath

      Apparently they’re supposed to have above average IQ

      BWaahahahaaa

    2. 2+2=5 Silver badge
      Joke

      Re: High tech attacks

      Your average Internet user can spot a Nigerian scam a mile off because the amounts of money involved are so ridiculously high.

      The average football club manager or agent can spot a Nigerian scam a mile off because the amounts of money involved are so ridiculously low.

    3. Disgusted Of Tunbridge Wells

      Re: High tech attacks

      The only reason Ed Woodward didn't send them any money is because he was still negotiating it upwards.

      £1m you say? We've got loadsamoney! How about £5m?

  5. Anonymous Coward
    Anonymous Coward

    Why inform the Information Commissioner’s Office if no information has been taken? They aren't the Police, they don't investigate these things until there is an actual breach. Why even announce it at all?

    1. Doctor Syntax Silver badge

      Because they're local and they seem to have something to do with this cyber attack stuff.

    2. Anonymous Coward
      Anonymous Coward

      My thoughts exactly... you don't need to talk to the ICO unless there is thought to be a breach affecting the sort of data the ICO worries about - personal. And even then there are cases when it doesn't have to be notified.

      "we are not currently aware of any breach of personal data associated with our fans or customers"

      No need to call the ICO then...

      Telling fibs or the experts they have brought in are umm not very expert?

      1. MJB7

        Why call the ICO?

        Probably because they can't yet *prove* that no information has leaked. There is no downside to telling the ICO the outlines of what they know, and considerable upside if it turns out they are wrong and information *has* leaked.

        1. FlamingDeath Silver badge

          Re: Why call the ICO?

          The question in my mind, did the callers manage to catch the ICO in-between their golf sessions?

        2. Anonymous Coward
          Anonymous Coward

          Re: Why call the ICO?

          It's possible I suppose for a well set up organisation with a clear definition of what they do and how they achieve the aims set out but this is the ICO.

    3. Anonymous Coward
      Anonymous Coward

      GDPR

      If there is a breach, breach reporting rules are set out in article 19. You do not need to report every incident relating to a lapse in security or integrity of a trust service. However, where you have reason to believe that an incident has or is likely to have a significant (more than minimal) impact on the trust service or the personal data you hold, you need to:

      - notify the ICO;

      - consider whether to notify your users; and

      - consider whether to inform anyone else who might be affected.

      If you are not sure about whether the impact of an incident is significant or not, it is safer to report the breach.

      You must notify the ICO within 24 hours of becoming aware of the breach, or sooner if it’s reasonable to do so.

  6. FlamingDeath Silver badge

    Social engineering techniques

    Click here for the chance to win a free iPad”

    Technique you say?

    No amount of technical mitigations can save someone from themselves

    2FA you say?

    Yeah the fucking dumb muppets will provide that as well

    I had to pass several tests before being allowed to be in control of a potentially dangerous weapon, the car

    Meanwhile, Mike from sales and Jill from Marketing already use a computer at home so of course they know what they’re doing....

    1. Doctor Syntax Silver badge

      Re: Social engineering techniques

      Provide a separate lan with its own separate internet connection for them then even if when someone gets control of one of their PCs they can only get at the rest of them so no damage done.

      1. NightFox

        Re: Social engineering techniques

        Is an 'Ian' an IT version of a Karen?

  7. Aussie Doc Bronze badge
    Pint

    Wow

    That was a lot of cybering in one article.

    Might grab a glass of cyber, erm, cider myself -------------------------->

  8. Anonymous Coward
    Anonymous Coward

    "In its Annual Report for fiscal year 2000, Man U said that as a high profile business its IT systems are at risk of attack."

    You'd have though they would have plenty of time to prepare then!

  9. Ian Johnston Silver badge

    "All critical systems required for matches to take place at Old Trafford remain secure and operational," it added. As such, today's game against West Bromwich Albion took place as scheduled.

    A spokesman for the club said there was nothing further to add at this stage and as such would not answer questions we asked about the variant of threat the club was forced to defend itself against.

    If there is one group which needs to be shunned by society even more than people who refer to "myself", it's people who use "as such" when they mean "therefore".

  10. Anonymous Coward
    Anonymous Coward

    "In its Annual Report for fiscal year 2000, Man U said its IT systems are at risk of attack."

    Incredible foresight! :D

  11. Anonymous Coward
    Anonymous Coward

    People are idiots

    It'll be ransomware and it'll be a dumb as a rock email that got them. However I await the standard declaration of it being, "a sophisticated cyber attack" and that "we take the protection of our customer's personal data very seriously".

    I have the senior members of staff (the board) being phished for their credentials regularly. Will they undergo even the most basic of training for 30min? No, of course they won't; but they all take cyber security 'very seriously' and are happy for it to sit right up high on the risk register as long as nothing about it ever bothers them.

    1. Falmari Bronze badge
      Joke

      The set piece

      Ransomware via an email that's the problem, United's defence are notoriously weak to the the set piece.

  12. This post has been deleted by its author

  13. Danny 2 Silver badge

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020