A FIFA 20 data leak has compromised the personal data of more than 1,600 players of the Electronic Arts (EA) video game franchise.
The breach involved a form used to sign up for the EA Sports FIFA 20 Global Series, a series of in-game tournaments that offers qualification to the eWorld Cup, EA’s premier esports tournament, and a shot at a $3m prize pool.
Shortly after registration opened, the form began showing personal information belonging to those who had already signed up to compete, exposing the email address, gaming ID, country of residence and date of birth of other competitors.
More than 1,600 players are believed to have had their personal data compromised, including professional and well-known players in the FIFA esports scene.
It took EA approximately 30 minutes to take the form down after players began complaining on social media.
“We’ve determined that approximately 1,600 players were potentially affected by this issue, and we are taking steps to contact those competitors with more details and protect their EA accounts,” reads a statement published on the EA Sports FIFA Twitter account.
FIFA 20 data leak: Has EA breached GDPR?
According to the United Kingdom’s Information Commissioner’s Office (ICO), under the General Data Protection Regulation (GDPR), a personal data breach occurs “whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable”.
Personal data, according to GDPR, is any information that would allow an individual to be identified.
In the wake of the leak, one user identified the owner of the information they were shown as NBA presenter Yani Ourabah, suggesting that the data compromised in the FIFA 20 data leak is enough to fall foul of GDPR rules.
My friend got a big pull in the Data Breach pack, Hashtag’s own Algerian Arrow, @YaniOurabah.
We’ll send you a birthday card.
What a mess. pic.twitter.com/IYMT1ieq4g
— George Hughes (@GeorgeHughes) October 3, 2019
If that is the case, EA has 72 hours to notify relevant authorities.
Verdict has reached out to EA to ask whether it has done so or plans to, and whether it is treating the FIFA 20 data leak as a breach of GDPR. We will update this article if we receive a response.
Under GDPR, regulators can issue fines of up to €20m or 4% of global annual turnover.
Airline British Airways was issued a record-breaking £183.4m fine by the ICO in July for a data breach that resulted in the theft of payment information belonging to 500,000 customers.
Given the smaller number of customers impacted and the type of data that was compromised, any fine issued to EA is likely to be significantly smaller.
Users must show caution when handing over data
While GDPR puts pressure on businesses to protect their customers’ personal information, Jake Moore, a cybersecurity specialist for ESET, has called on consumers to do more to protect their data.
“There are many ways to breach data within huge companies, including Electronic Arts, and this case is a reminder that we need to protect our personal data ourselves as much as we can,” Moore said.
While the data compromised may seem insignificant, even email addresses, dates of birth and location data can be exploited if they fall into the wrong hands, Moore warned:
“We must take care of our data where we can as it can be used by criminals in ways we may not usually think of such as identity theft.”
This can be avoided by using secondary email addresses, or altering your data slightly, Moore suggests. If this data happens to become compromised, at least your genuine personal information won’t end up in the hands of malicious actors.
FIFA 20 problems mount for EA
EA has faced criticism following FIFA 20’s release at the end of September, with many accusing the video game company of neglecting areas of the game that don’t allow it to generate additional revenue through microtransactions.
FIFA’s Ultimate Team mode, where players spend real money for virtual players that they can then field in their squad, has been the company’s main focus for a number of years.
However, game modes that do not generate recurring revenue, such as Career Mode, have received few updates in recent instalments.
The hashtag #FixCareerMode began trending on social media platform Twitter shortly after the game’s release. This was in response to a bug that causes top artificial intelligence-controlled teams to field weak line-ups. As a result, teams are finishing the season in unrealistic positions.
Other reported problems include unusual questions in press conferences (a new feature in FIFA 20’s career mode), poor match scheduling and squad positions unexpectedly changing, among others.
EA has acknowledged these problems, but has yet to give a date when it will fix the mode.