Ajax Confirms Data Breach After System Vulnerabilities Exposed

AFC Ajax has confirmed a data breach affecting parts of its digital systems, after both a hacker intrusion and a journalist’s investigation revealed significant security vulnerabilities.

In a statement released on Wednesday, the Dutch club said an unauthorised individual based in the Netherlands gained access to internal systems, exposing personal data belonging to a limited number of individuals. According to Ajax, the breach primarily involved the viewing of email addresses of “a few hundred people.” In a smaller number of cases, fewer than 20 individuals subject to stadium bans, more sensitive information, including names, email addresses and dates of birth, was accessed.

The incident has raised further concern after a journalist demonstrated additional weaknesses within the club’s systems. These included the apparent ability to transfer match tickets without proper authorisation and to alter stadium ban records, an issue that could have serious implications for matchday security and enforcement.

Ajax said it had contacted all affected individuals directly, stressing that those who did not receive communication were not believed to be impacted. However, the club acknowledged uncertainty over whether the accessed data may have been further distributed, urging supporters and stakeholders to remain vigilant against phishing attempts and suspicious emails.

“We believe it is important to be open and transparent about this,” the club said, while offering apologies for the breach and any inconvenience caused.

In response, Ajax launched an internal investigation supported by external cybersecurity experts. The club confirmed that identified vulnerabilities have since been patched and that additional security measures have been implemented to prevent further incidents. Authorities have also been notified, with the club reporting the breach to the Dutch Data Protection Authority and filing a police report.

Despite assurances that the breach was limited in scope, the revelation is likely to raise questions about the robustness of digital infrastructure within elite football organisations, particularly as clubs increasingly rely on online systems for ticketing and fan engagement.

Ajax has encouraged anyone with concerns to contact its fan services team, reiterating advice to avoid clicking on suspicious links or opening attachments from unknown senders.

_{Featured Image Credit: Unsplash / Winston Tjia}