Dutch police arrest suspect in Ajax Amsterdam hack that exposed fan accounts and ticketing controls

Dutch police arrested a 35-year-old man suspected of repeatedly breaking into Ajax Amsterdam's computer systems earlier in 2026. Ajax previously said the attacker exploited vulnerabilities in its IT systems to access data on a few hundred people. Reporting, however, indicated that exposed application programming interfaces (APIs) and shared keys could let someone view more than 300,000 accounts, alter 538 supporter stadium bans, and reassign 42,000 season tickets. No CVE was cited.
Why it matters: The intrusion reportedly reached both personal data and operational controls such as bans and ticket transfers, so it affects Ajax fans and the club alike. Anyone affected should watch for account abuse or phishing, and organizations should review exposed APIs, shared credentials, and access controls in customer and ticketing systems.

Sources

Dutch police arrest man over cyber breach at Ajax football club
2026.05.27 99% relevant
This article covers the same underlying Ajax breach and adds that Dutch police arrested a 35-year-old suspect in Buren, searched his home, and seized digital storage devices; it also reiterates that the intrusion involved an unpatched vulnerability and may have affected far more supporters and season tickets than Ajax initially disclosed.
Dutch police arrests suspect linked to Ajax football club hack
Sergiu Gatlan 2026.05.27 100% relevant
This article establishes a distinct story by tying the previously disclosed Ajax intrusion to a suspect arrest and restating the scope and impact of the breach on fan data and ticketing systems.