Dutch police arrests suspect linked to Ajax football club hack

DUTCH POLICE ARREST SUSPECT LINKED TO AJAX FOOTBALL CLUB HACK

Overview

A 35-year-old man from the municipality of Buren was arrested by the Dutch National Police on the morning of Tuesday, May 26, 2026.
The arrest follows an investigation into multiple unauthorised intrusions into the computer systems of AFC Ajax (Ajax Amsterdam) earlier in 2026.
The case centers on deliberate computer trespass and unlawful access to Ajax’s IT infrastructure, with the suspect allegedly gaining access on several occasions.

The Arrest

Location and timing: The suspect was apprehended in Buren and taken into custody as part of an ongoing criminal investigation.
charges and scope: He is suspected of intentionally and unlawfully intruding into Ajax’s computer systems on multiple occasions.
Context of the arrest: The police acted after Ajax reported suspicious activity and after the investigation progressed to identify the individual involved.

What Happened at Ajax

Initial breach: In early 2026, Ajax detected unauthorized access to its computer systems. The attacker reportedly granted himself access to internal systems.
Data and access exposed: The intrusion enabled access to data belonging to several hundred individuals. The nature of the accessed data was not fully disclosed, but it is described as sensitive enough to prompt a formal notification to data protection authorities.
Potentially affected areas: The breach affected both fan data and internal controls, with specific mention of stadium-related decisions and ticketing processes.

Details of the Security Flaw and Exploitation

Stadium bans and ticketing: The vulnerability allowed modifying stadium bans imposed on fewer than 20 individuals and transferring purchased tickets to other people.
Broad data access via APIs: A widely exploited flaw reportedly enabled broad access to fan data through application programming interfaces (APIs) and shared keys.
VIP and season ticket manipulation: The attacker purportedly demonstrated the ability to reassign a VIP season ticket within seconds, illustrating the ease with which certain privileged data could be redirected.
Scale of potential impact: According to reports, the hacker could interact with data related to 538 supporter stadium bans, 42,000 season tickets, and more than 300,000 accounts.

Ajax’s Response and Follow-on Actions

Patching and remediation: Ajax has since patched the vulnerabilities that were exploited during the incident.
Notifications to authorities: The club notified the Dutch Data Protection Authority and the police as part of its response to the breach.
Ongoing safeguards: While specifics were not detailed, the emphasis was on securing the systems and preventing repeated unauthorized access.

Context and Related Incidents in the Netherlands

Prior cyber-related arrests (September 2025): The Dutch National Police previously arrested two teenage boys suspected of spying for Russia using a WiFi sniffer device near Europol and Eurojust offices, as well as near the Canadian embassy.
Broader cybercrime actions (recent years): Dutch financial crime investigators (FIOD) conducted operations resulting in the seizure of 800 servers linked to a hosting firm implicated in enabling cyberattacks, disruption campaigns, and disinformation activities.
The public security landscape: These incidents illustrate a pattern of cyber-enabled activity affecting high-profile targets and critical infrastructure, prompting ongoing investigations and system hardening by organizations and authorities.

Impact and Implications

Data exposure risk: The breach exposed data related to a significant number of individuals, raising concerns about privacy, potential misuse, and the need for robust access controls across sports organizations and other high-visibility institutions.
Operational disruption: Interference with stadium bans and ticket transfers points to the potential for real-world disruption and the need for secure identity and access management for event-related systems.
Trust and safeguarding measures: The incident underscores the importance of timely vulnerability disclosure, rapid patching, and coordinated response with data protection authorities to mitigate harm.

Closing Context

Ongoing investigation: The arrest marks a development in an active investigation into intrusions into Ajax’s digital infrastructure. Authorities continue to assess the scope of the breach and any additional individuals who may be implicated.
A snapshot of a broader trend: The Ajax case sits within a wider pattern of cyber incidents in the Netherlands, where both private entities and government-adjacent organizations face persistent cyber threats and associated enforcement actions.

Summary

The Dutch National Police arrested a 35-year-old man from Buren on May 26, 2026, in connection with multiple suspected intrusions into Ajax Amsterdam’s computer systems.
The breach involved unauthorized access, data exposure for hundreds of individuals, and the potential to manipulate stadium bans and ticketing arrangements.
Ajax has patched the vulnerabilities and notified relevant authorities; the investigation continues, with authorities and the club seeking to understand the full extent and implications of the breach.
The incident is part of a broader pattern of cyber activity in the Netherlands, with related arrests and actions in the years leading up to 2026, highlighting ongoing efforts to combat cyber threats across sectors.

DUTCH POLICE ARREST SUSPECT LINKED TO AJAX FOOTBALL CLUB HACK

Overview

A 35-year-old man from the municipality of Buren was arrested by the Dutch National Police on the morning of Tuesday, May 26, 2026.
The arrest follows an investigation into multiple unauthorised intrusions into the computer systems of AFC Ajax (Ajax Amsterdam) earlier in 2026.
The case centers on deliberate computer trespass and unlawful access to Ajax’s IT infrastructure, with the suspect allegedly gaining access on several occasions.

The Arrest

Location and timing: The suspect was apprehended in Buren and taken into custody as part of an ongoing criminal investigation.
charges and scope: He is suspected of intentionally and unlawfully intruding into Ajax’s computer systems on multiple occasions.
Context of the arrest: The police acted after Ajax reported suspicious activity and after the investigation progressed to identify the individual involved.

What Happened at Ajax

Initial breach: In early 2026, Ajax detected unauthorized access to its computer systems. The attacker reportedly granted himself access to internal systems.
Data and access exposed: The intrusion enabled access to data belonging to several hundred individuals. The nature of the accessed data was not fully disclosed, but it is described as sensitive enough to prompt a formal notification to data protection authorities.
Potentially affected areas: The breach affected both fan data and internal controls, with specific mention of stadium-related decisions and ticketing processes.

Details of the Security Flaw and Exploitation

Stadium bans and ticketing: The vulnerability allowed modifying stadium bans imposed on fewer than 20 individuals and transferring purchased tickets to other people.
Broad data access via APIs: A widely exploited flaw reportedly enabled broad access to fan data through application programming interfaces (APIs) and shared keys.
VIP and season ticket manipulation: The attacker purportedly demonstrated the ability to reassign a VIP season ticket within seconds, illustrating the ease with which certain privileged data could be redirected.
Scale of potential impact: According to reports, the hacker could interact with data related to 538 supporter stadium bans, 42,000 season tickets, and more than 300,000 accounts.

Ajax’s Response and Follow-on Actions

Patching and remediation: Ajax has since patched the vulnerabilities that were exploited during the incident.
Notifications to authorities: The club notified the Dutch Data Protection Authority and the police as part of its response to the breach.
Ongoing safeguards: While specifics were not detailed, the emphasis was on securing the systems and preventing repeated unauthorized access.

Context and Related Incidents in the Netherlands

Prior cyber-related arrests (September 2025): The Dutch National Police previously arrested two teenage boys suspected of spying for Russia using a WiFi sniffer device near Europol and Eurojust offices, as well as near the Canadian embassy.
Broader cybercrime actions (recent years): Dutch financial crime investigators (FIOD) conducted operations resulting in the seizure of 800 servers linked to a hosting firm implicated in enabling cyberattacks, disruption campaigns, and disinformation activities.
The public security landscape: These incidents illustrate a pattern of cyber-enabled activity affecting high-profile targets and critical infrastructure, prompting ongoing investigations and system hardening by organizations and authorities.

Impact and Implications

Data exposure risk: The breach exposed data related to a significant number of individuals, raising concerns about privacy, potential misuse, and the need for robust access controls across sports organizations and other high-visibility institutions.
Operational disruption: Interference with stadium bans and ticket transfers points to the potential for real-world disruption and the need for secure identity and access management for event-related systems.
Trust and safeguarding measures: The incident underscores the importance of timely vulnerability disclosure, rapid patching, and coordinated response with data protection authorities to mitigate harm.

Closing Context

Ongoing investigation: The arrest marks a development in an active investigation into intrusions into Ajax’s digital infrastructure. Authorities continue to assess the scope of the breach and any additional individuals who may be implicated.
A snapshot of a broader trend: The Ajax case sits within a wider pattern of cyber incidents in the Netherlands, where both private entities and government-adjacent organizations face persistent cyber threats and associated enforcement actions.

Summary

The Dutch National Police arrested a 35-year-old man from Buren on May 26, 2026, in connection with multiple suspected intrusions into Ajax Amsterdam’s computer systems.
The breach involved unauthorized access, data exposure for hundreds of individuals, and the potential to manipulate stadium bans and ticketing arrangements.
Ajax has patched the vulnerabilities and notified relevant authorities; the investigation continues, with authorities and the club seeking to understand the full extent and implications of the breach.
The incident is part of a broader pattern of cyber activity in the Netherlands, with related arrests and actions in the years leading up to 2026, highlighting ongoing efforts to combat cyber threats across sectors.

Dutch police arrests suspect linked to Ajax football club hack

More from the Blog

FBI warns of in-person data theft attacks from extortion gang

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

Windows 11 KB5089573 update released with performance improvements

Stay Updated

Dutch police arrests suspect linked to Ajax football club hack

More from the Blog

FBI warns of in-person data theft attacks from extortion gang

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

Windows 11 KB5089573 update released with performance improvements

Stay Updated