Premier League club almost lost £1m after email hack

Stephen Chapman's picture
by Stephen Chapman

The National Cyber Security Centre has revealed that cyber hackers have been targeting the UK’s sports sector.

The organisation says it demonstrates why the industry needs to tighten its cyber security.

In one example, an unnamed Premier League Club’s Managing Director had their emails hacked during a transfer negotiation. As a result the £1m fee would have fallen into the hands of criminals, had it not been for the intervention of the bank.

Another attack on an English Football League Club used ransomware, which crippled its corporate and security systems. It meant that CCTV and turnstiles were unable to operate, almost leading to a fixture cancellation.

NCSC’s first analysis of threats to the sports industry found that at least 70% of institutions suffer a cyber incident in just 12 months, that’s more than double the average for UK businesses.

“Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar,” said Paul Chichester, Director of Operations at the NCSC.

“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.

“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”

Within the horse racing industry, a member of staff at a UK racecourse agreed a £15k price for some equipment on eBay. However, the site was a spoofed version of eBay, and they were unable to recover the funds.

“The issue of cyber security is one all sports, including Rugby League, take seriously. As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount,” said Tony Sutton, Chief Operating Officer at Rugby Football League.

Around 30% of the incidents led to “direct financial damage” which averaged at £10k, with the biggest single loss totalling more than £4m.