Man Arrested for trying to sell Pep’s hacked emails

[Manchester33]

Another example - Oxbridge educated Vicky Kloss is Chief Communications Officer at the club.
Yet on foreign trips she is the biggest source of cybersecurity weakness in the entire enterprise as she repeatedly flouts internal security rules and standards.
A rogue operator could hack into City via targeting Ms Kloss.
And she used to work for the police!!!
Cybersecure she is not."
"

https://footballisfixed.blogspot.com/2019/12/3-posts-of-corruption-past-present-yet.html?m=1

This is shoddy 'reporting' from the author. Can they give examples of Ms Kloss' cybersecurity weakness? 'She repeatedly flouts internal security rules and standards' is a hell of a statement. What are these rules and standards that she's flouting? When did she flout them and most importantly, how does the reporter know this?

It's not backed up by facts or evidence, so IMO it's all a load of rubbish.

Anyone could make these accusations about anyone, e.g. Steve Mcgraph is the head of security, but he's also the best opportunity to hack Manchester City, he repeatedly flouts internal security rules and standards. A rogue operator could hack into City via targeting him. And he used to work for the police!!

....slap that on an edgy website and you've got a new scapegoat.

See where I'm going?

 

[Ban-jani]

The IT sector relies heavily on contractors so businesses are always at risk of data leakage, either intentionally or accidentally. This guy's career is over and hopefully City push for jail time as that will send a message to anyone else thinking about doing the same. The contractor seemingly was employed by a consultancy so I do hope they have the necessary insurance to cover their employee's actions. That said, you can employ as much security as you want, there simply isn't a way of totally preventing this kind of act if someone wants to do it. Hopefully everyone at City has been briefed about the security weakness of emails and not to discuss or reveal sensitive info in them.

It’s the contractors responsibility to have insurance but that won’t cover him because he’s committed a crime. The agency won’t be at fault here, his Ltd Co. and he will be.

I work in contractor recruitment in IT and Business Change.

 

[Dave Ewing's Back 'eader]

https://recruitment.liverpoolfc.com/vacancies/jobs/view/496

Liverpool hiring in the Media/IT department :D

100s of millions of fans. I bet they have more 100s of millions than the 650 million the Rags claimed - or was that 650 billion? Do they have Dianne Abbott doing the counting.

 

[crystal_mais]

Already been done I believe. Depending how long ago, it probably needs to be done again.
Not encrypting email data at rest is so amateur it's scary.
Still they have two email security firms on the case at the moment so maybe lessons have been learnt.

Its mental but i'd be doing a full security review including Pen testing all apps/systems etc -

 

[bobbyowenquiff]

The IT sector relies heavily on contractors so businesses are always at risk of data leakage, either intentionally or accidentally. This guy's career is over and hopefully City push for jail time as that will send a message to anyone else thinking about doing the same. The contractor seemingly was employed by a consultancy so I do hope they have the necessary insurance to cover their employee's actions. That said, you can employ as much security as you want, there simply isn't a way of totally preventing this kind of act if someone wants to do it. Hopefully everyone at City has been briefed about the security weakness of emails and not to discuss or reveal sensitive info in them.

This dishonest amateur will probably go to jail. Unlike the person who systematically stole far more sensitive information from our scouting network on hundreds of occasions...and was then promoted to Liverpool's Head of Recruitment.
Surely the FA will have to investigate all these incidents. They threw the book at Bielsa and Leeds after one of his staff spied on a rival team by watching a training session from the bushes!

 

[George Hannah]

Bloody hell.

I take it the club are aware of this now.

VK doesn’t come out well if they are correct.

I wonder who the three players were/are.

be careful with your use of initials

 

[BlueAnorak]

Incidently, senior bosses who don't understand IT principles shouldn't be bosses. There are far too many who are clueless.

 

[bobbyowenquiff]

Not that I believe a lot of what they post but that "Football is Fixed" Twitter account alluded to people inside our organisation working against us early in the season.

There is a lot of crazy stuff on the Football is Fixed blog but it does seem there are also some nuggets of truth. It has been accurate over our total lack of cyber security. The tech side of the club seems pretty shit in lots of places. And as many have been saying on this forum for years we have got communications problems in many areas. That blog claims it is a management structural issue and, even looking from outside, that seems a plausible theory.

 

[TheRemainsOfTheDave]

It’s the contractors responsibility to have insurance but that won’t cover him because he’s committed a crime. The agency won’t be at fault here, his Ltd Co. and he will be.

I work in contractor recruitment in IT and Business Change.

I work as a contractor via a PSC but did this guy definitely work in the same way or as a consultant via a consultancy? It would seem weird for the article to mention the ending of "its relationship with the IT firm" and not specify he WAS the IT firm. Maybe it's just the way I read it.

 

[BlueAnorak]

The biggest IT security risk (email wise) is senior bosses wanting to be able to read their employees emails. This tends to leave email data at rest unencrypted as they aren't prepared to pay for an electronic key store solution.