Aston Villa is aware of recent news reports of a publicly accessible AWS S3 bucket which reportedly contains fan membership data.
First and foremost, Aston Villa takes the privacy and security of its fans’ personal data extremely seriously and is carrying out a full and robust investigation into these reports, led by its Data Protection Officer and supported by the Club’s incident response team.
The Club believes that the reports relate to a vulnerability on one of its service provider’s systems, which the Club understands has been closed. We are informed by our service provider that no password or payment data has been compromised. The Club continues to work closely with the service provider, who is carrying out its own forensic investigation.
The Club would like to reassure its fans that it is taking all appropriate measures to ensure that their data is secure, including reporting the incident to the Information Commissioner’s Office (ICO). The Club will continue to communicate any updates from the ongoing investigation.
Updated 28 May 2024