GNK Dinamo has launched an internal investigation after receiving notification of a possible security incident and has engaged external, independent security and other experts to determine the circumstances of the incident. According to currently available information, the incident did not occur directly on GNK Dinamo websites. The incident is of limited scope and according to information we have from the data processor, there is no danger of other similar incidents. All necessary actions are currently being taken to further strengthen the security of all data.

No card or password data was affected. We always appeal to everyone to be careful of suspicious and fake messages (emails) in today's challenging technological environment; to be careful with their passwords and change them regularly, ensuring they are sufficiently complex. According to current information, the incident affected limited categories of personal data which vary depending on the individual (member); name, surname, personal identification number, contact details and other data if the individual left it in the system. Additionally, the mentioned categories of personal data were not affected for all individuals (members), which is why notification of those affected by the incident will also be carried out via email.

In case of any concerns about data or questions, please contact our Data Protection Officer at: [email protected]

The priority of GNK Dinamo has always been and remains the protection of all our members' data, transparent public information and taking all necessary measures in accordance with personal data protection regulations.

GNK Dinamo previously informed the public about an incident that affected the personal data of some of our members. The incident is closed. The internal investigation for which GNK Dinamo engaged external, independent security and other experts revealed details of the incident. The incident occurred on multiple occasions during 2026, and the publication of exfiltrated data was carried out by an unknown perpetrator in May 2026 when the data was published on the dark web. It was of limited scope, meaning it affected data of members who purchased tickets. All relevant authorities have been notified, including the supervisory body for personal data protection and the police as part of filing a criminal report.

No card or password data was affected. Previous notifications regarding the categories of data affected by the incident remain unchanged, i.e., these circumstances have not changed nor have new findings emerged. The data processor has confirmed that there is no danger of other similar incidents. All necessary actions are currently being taken to further strengthen cybersecurity both by GNK Dinamo and by partners.

We particularly note that one of the consequences of this incident may be increased phishing or fake messages. Phishing refers to internet fraud in the form of fake emails that appear to be sent by legitimate organizations (such as banks, public authorities or shopping websites), which lead recipients to share personal, financial or security data. In this way, fraudsters gain access to usernames, passwords or credit card data. In such emails, you are most often asked to download an attached document or click on a link.

Do not enter your personal data, credit card information, do not send copies of personal identification documents, card PINs, CVV codes from cards (last three digits on the back of the card), nor codes generated by mobile banking. Institutions such as banks, hotels, public authorities, etc. will not ask you to provide personal data via email without special identification and various verifications.

Example of phishing message