Due to a security concern, the mechanism we use to protect Team Captain contact information on the site has been updated.

No known data breach has occurred, but a report was received that the contact details were visible to a Team Captain without re-entering the new season password.

We believe that the circumstances surrounding this were due to the page having been visited before, but it was outside the expected time limit for remaining unlocked. Multiple tests were carried out and we verified the use of the password was required to access the data, and the issue was down to how the unlocked state persisted for this user.

Whilst the system remained secure we decided to implement changes to reduce the risk of the unlocked state persisting beyond an acceptable level to authorised users.

You will now find a link on the Contacts page that loads the secure contact page separately. This page is protected by the same password previously provided and expires automatically at the end of the season.

Once you have entered a valid password it will remain unlocked for around an hour after you last visited the page before locking with the password again. We are aware that for browsers like Edge, Chrome and Firefox, it is possible to close and re-open the browser and the unlocked state to remain. These changes should help enforce the time out.

There are still additional levels of protection in place to protect against repeated attempts to find the password, as well as all data being encrypted between our server, and your browser, as well as encrypted in backups and strict secure logons for admins with 2nd factor verification.

We will continue to monitor the situation and make any further necessary changes to ensure data is secure.

If anyone has any questions or concerns, please do get in touch via the contact form. We take the protection of data seriously.