#Privacy: EA exposes the personal data of 1,600 gamers

The personal data of 1,600 gamers who registered to take part in a competition, have been leaked by Electronic Arts. 

The competition’s website, EA’s FIFA 20 Global Series was launched on October 3, to which a glitch had been identified by the gamers straight away. 

Gamers who had signed up were asked to enter their personal information to verify their EA account details,  onto what was supposed to be an empty online form. However, the form displayed the personal information of other gamers who had already signed up for the competition. 

According to screenshots posted online. the leaked data included player IDs, birthdays, email addresses and country of origin.

The website was allegedly taken down half an hour after it had been launched, however by then approximately 1,600 gamers had already registered. 

Ironically, the data leak occurred shortly after EA Games had announced that as part of the UK’s National Cyber Security Month, users who had switched on two-factor authentication would get free access to an Origin Access Basic subscription for four weeks.

In a statement published on Twitter, the company said: “We were able to root cause the issue and implement a fix to be clear that information is protected. We’re confident that players will not see the same issues going forward.”

EA have stated that they are taking steps to contact gamers whose data was leaked. 

“Player privacy and security are of the utmost importance to us, and we deeply apologize that our players encountered this issue today.”

The registration will be set to reopen in the “coming days” but for now it will remain closed.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/