Skip to content

Premier League transfer deal targeted by hackers, says cybersecurity report

Premier League managing director had email address hacked during transfer negotiation, report shows

MANCHESTER, ENGLAND - APRIL 27: An official Nike Premier League match ball on April 27, 2020 in Manchester, England (Photo by Visionhaus)

Professional sports organisations have been urged to tighten their cybersecurity after it was revealed hackers attempted to sabotage a Premier League transfer deal.

The National Cyber Security Centre (NCSC) said the email address of a Premier League club's managing director had been hacked during a transfer negotiation and only intervention from the bank prevented the club losing around £1m.

It was one of several incidents highlighted as evidence that sport needed to improve its cybersecurity as it faced increased pressure from cybercriminals - another breach saw a Football League club hit by ransomware which cut off its security systems, blocking turnstiles, and almost resulting in a fixture postponement.

The Cyber Threat to Sports Organisations report also revealed that a member of staff at a racecourse lost £15,000 after attempting to buy groundskeeping equipment from a spoofed version of eBay.

The NCSC said its report found hackers were trying to compromise sporting organisations on a daily basis, often by targeting business email or using ransomware to shut down critical systems.

It has urged clubs and businesses to put security measures in place and back up data to help prevent such incidents.

Paul Chichester, director of operations at the NCSC, said: "Sport is a pillar of many of our lives and we're eagerly anticipating the return to full stadiums and a busy sporting calendar.

Also See:

"While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real.

"I would urge sporting bodies to use this time to look at where they can improve their cybersecurity - doing so now will help protect them and millions of fans from the consequences of cybercrime."

Please use Chrome browser for a more accessible video player

The PFA's Iffy Onuora believes more should be done to police social media after the racial abuse suffered by Wilfried Zaha and David McGoldrick

According to the report, around 30 per cent of incidents caused direct financial damage, averaging around £10,000 each time, with the biggest single loss being over £4m.

More than 70 per cent of those businesses surveyed said they had experienced at least one incident in the past year, with 30 per cent saying they had witnessed more than five in that time.

Sir Hugh Robertson, chair of the British Olympic Association said in the report: "Improving cybersecurity across the sports sector is critical.

"The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cybersecurity practices."

Oliver Dowden is Secretary of State for Digital, Culture, Media and Sport
Image: Oliver Dowden feels reassured by the work of the National Cyber Security Centre

Tony Sutton, chief operating officer at the Rugby Football League said it was taking the issue "seriously".

"As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount," he said.

"We welcome the NCSC report and the guidance it offers the sports sector."

Digital and Sport Secretary Oliver Dowden added: "The UK boasts a world-beating sport sector and I am pleased the NCSC is supporting the industry to protect customers and minimise online risks through our National Cyber Security Strategy."

Super 6: Who makes play-offs? Who goes down?
Super 6: Who makes play-offs? Who goes down?

Do not miss your chance to land the £250,000 for a sixth time this season on Wednesday. Play for free, entries by 6pm.