The UK’s cyber security agency is assisting United, whose computer systems have been crippled, but the club insists it was not ‘aware of any breach of personal data associated with our fans and customers’.
As of Thursday night, club staff still did not have access to email, and some other functions were also unavailable.
A spokesperson said: ‘The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand impact.’
The full repercussions of the attack are as yet unknown, but a leading cyber-security expert told the Daily Mail that United are likely being held to ransom for a significant sum of money.
The expert said: ‘The fact that this is still going on a week after the first attack proves it’s sophisticated, not some little virus that has got in
‘There are no good news stories coming out. It’s the embarrassment as well. They’re the biggest club in the world and someone has pulled their pants down.
‘If the virus is ransomware there will be a demand for money. I would put my house on it being in the millions, and 99 times out of 100 it’s Bitcoin (cryptocurrency) because that is the hardest to trace.
‘If they’ve encrypted United’s data — converting it to code or symbols to ensure it cannot be understood — they will say to the club: ‘If you don’t pay the ransom, we’re not going to lift the encryption.’
On Thursday, meanwhile, the Premier League side reiterated they were not currently aware of any fan data being affected.
The club said it would not comment on who was ‘responsible for this attack or the motives’.
The statement continued: ‘This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.
‘Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.’
Last week, United informed the Information Commissioner’s Office, as required. They could face a fine from the data regulator if fan data is compromised as a result of the cyber attack.
Earlier this month, Ticketmaster was issued a £1.25 million fine for failing to keep its customers’ personal data secure in a 2018 attack.