Leeds United apologise as supporters victims of cyber-attack
Leeds United have made an announcement following news of a cyber-attack in recent weeks at Elland Road.
The Whites have become the latest EFL club to fall victim to hackers, with what a statement described as “a small number of customers” affected by card detail leaks.
Leeds have been among several from the Championship affected in recent months.
The discovery of the breach of information led Leeds to employ an external team of forensic investigators to get to the bottom of the issue.
Leeds United cyber-attack plagues supporters
Leeds United are not the first EFL club to suffer an IT breach similar to this one, with breaches at Bristol City and Sheffield Wednesday leading the league governing body to issue a warning to its member clubs (Daily Mail).
Charlton Athletic also reported a security breach earlier this season, back in September.
Leeds are still undertaking the due process to ensure no supporters remain affected by the implementation of their preventative and protective measures moving forward.
A Leeds statement on Tuesday (4 March) read: “Leeds United suffered a cyber-attack between 19 and 24 February 2025, targeting the retail website, resulting in the card details of a small number of customers being compromised.
“The club has communicated with all of those directly impacted and is continuing to work with the Information Commissioner’s Office. A forensic investigation was undertaken by a specialist third-party as soon the club discovered the breach, and measures were implemented to stop and recover from the attack.
“The club is disappointed that the attack was successful despite layers of cyber security, and offer our sincere apologies to anyone who has been adversely affected.”
Clubs including Leeds are usually very alert with action such as this to prevent hackers and cyber-attackers from obtaining private information – particularly with the large supporter and customer base its retail sites do business with on a daily basis.
Leeds fans should stay alert to ‘club official’ emails
Leeds United supporters – and those of any club – have been warned by several clubs in the past to be vigilant with emails and other correspondence they may receive.
If it purports to be from a club official, only proceed with any action involving personal details if 100 per cent sure it is a secure process.
| EFL clubs to suffer an online security breach in 2024-25 | Division |
| Leeds United | Championship |
| Sheffield Wednesday | Championship |
| Bristol City | Championship |
| Charlton Athletic | League One |
As was the case with their fellow Championship competitors Bristol City and Sheffield Wednesday of late, as well as Charlton in League One, the clubs concerned have acted swiftly to ensure supporters are protected.
Fans very regularly use online portals for card transactions such as those for ticketing, retail, membership and charitable donations, plus much more.
Leeds owners 49ers Enterprises have made plans for infrastructural investment this season already and may look now to plough further funds into improving security.