What organization is investigating a data leak?

The Welsh Rugby Union (WRU) is investigating a data leak involving data from some of its official supporters’ club members.

What types of data were exposed in the WRU data leak?

The exposed data includes full names, dates of birth, home addresses, phone numbers, email addresses, dates of membership purchase, methods of payment for membership, and types of membership purchased.

What actions are being taken in response to the WRU data leak?

The WRU assured that the data has been removed from the online source and is conducting a thorough investigation. They are complying with the Information Commissioner’s Office (ICO) reporting requirements. The third-party service provider is also conducting an in-depth inquiry.

Incident

Welsh Rugby Union supporters' club member data leaked through an unsecured AWS S3 bucket

Q: What caused the data leak involving WRU supporters' club members?

The data leak resulted from a publicly accessible Amazon Web Services (AWS) Simple Storage Service (S3) bucket.

Q: How many text files and member details were exposed in the WRU data leak?

The leak exposed 1,419 text files containing details of 69,317 members.

Q: Were passwords or payment information compromised in the WRU data leak?

No, the WRU confirmed that no passwords or payment information were compromised.

published: May 25, 2024

Learn More

The Welsh Rugby Union (WRU) has launched an investigation into a data leak involving data from some of its official supporters’ club members, which was held by a third-party service provider. The leak reportedly resulted from a publicly accessible Amazon Web Services (AWS) Simple Storage Service (S3) bucket that exposed 1,419 text files containing details of 69,317 members.

The exposed data includes:

Full names
Dates of birth
Home addresses
Phone numbers
Email addresses
Dates of membership purchase
Methods of payment for membership
Types of membership purchased

The WRU assured that the data has been removed from the online source and confirmed that no passwords or payment information were compromised. They are conducting a thorough investigation and complying with the Information Commissioner’s Office (ICO) reporting requirements. The third-party service provider is also conducting an in-depth inquiry.

Welsh Rugby Union supporters' club member data leaked through an unsecured AWS S3 bucket

Read More
Brightpoint social services agency reports data breach
Hong Kong Programming Society servers breached, data stolen …
Delaware Libraries reports ransomware attack by RansomHub gang
Qilin Ransomware Group Targets German Political Party Die …
Melwood Ransomware Attack and Data Breach