Premier League managing director had email address hacked during transfer negotiation, report shows
Thursday 23 July 2020 08:43, UK
Professional sports organisations have been urged to tighten their cybersecurity after it was revealed hackers attempted to sabotage a Premier League transfer deal.
The National Cyber Security Centre (NCSC) said the email address of a Premier League club's managing director had been hacked during a transfer negotiation and only intervention from the bank prevented the club losing around £1m.
It was one of several incidents highlighted as evidence that sport needed to improve its cybersecurity as it faced increased pressure from cybercriminals - another breach saw a Football League club hit by ransomware which cut off its security systems, blocking turnstiles, and almost resulting in a fixture postponement.
The Cyber Threat to Sports Organisations report also revealed that a member of staff at a racecourse lost £15,000 after attempting to buy groundskeeping equipment from a spoofed version of eBay.
The NCSC said its report found hackers were trying to compromise sporting organisations on a daily basis, often by targeting business email or using ransomware to shut down critical systems.
It has urged clubs and businesses to put security measures in place and back up data to help prevent such incidents.
Paul Chichester, director of operations at the NCSC, said: "Sport is a pillar of many of our lives and we're eagerly anticipating the return to full stadiums and a busy sporting calendar.
"While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real.
"I would urge sporting bodies to use this time to look at where they can improve their cybersecurity - doing so now will help protect them and millions of fans from the consequences of cybercrime."
According to the report, around 30 per cent of incidents caused direct financial damage, averaging around £10,000 each time, with the biggest single loss being over £4m.
More than 70 per cent of those businesses surveyed said they had experienced at least one incident in the past year, with 30 per cent saying they had witnessed more than five in that time.
Sir Hugh Robertson, chair of the British Olympic Association said in the report: "Improving cybersecurity across the sports sector is critical.
"The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cybersecurity practices."
Tony Sutton, chief operating officer at the Rugby Football League said it was taking the issue "seriously".
"As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount," he said.
"We welcome the NCSC report and the guidance it offers the sports sector."
Digital and Sport Secretary Oliver Dowden added: "The UK boasts a world-beating sport sector and I am pleased the NCSC is supporting the industry to protect customers and minimise online risks through our National Cyber Security Strategy."
