Most recently, Manchester United made headlines when the club fell victim to a disruptive hacking attempt that resulted in the cyber-criminals obtaining access to its systems. Although the club had been considered well-prepared for such an incident, the attack resulted in loss of functionality within the system, impacted employees’ access to business email and required shutting down areas for containment and preventing further damage.

As required by the GDPR, the club alerted the Information Commissioner’s Office (ICO) of the breach, however, the club advised that no customer or fan data was compromised, meaning there would be no associated fines for the incident likely to be enforced.

According to Info Security Magazine ‘the English Premier League, loved by football fans worldwide, is European football’s market leader, reaching revenues of £5bn pre-pandemic. Considered a high-value target for would-be attackers, a Premier League club has an infrastructure containing confidential transfer news, sensitive player information and large amounts of Personally Identifiable Information (PII) on customers and its fan base.’

The National Security Center (NCSC) recently played host in its first ever cybersecurity summit to sports organizations, advising an industry that sees more than double the average amount of cyber-incidents impacting businesses in the UK. In total, 11 top-flight clubs from the English Premier League were in attendance, typically used to competing against each other, but now training together to bolster their defense against cyber-attacks.

In another recent incident reported on Info Security Magazine stated that a cyber-criminal compromised the email account of the managing director of an unnamed club and attempted to hijack a £1m transfer deal, which was only thwarted by the company’s bank, saving much embarrassment. In both incidents, the NCSC worked with the clubs to understand the impact and reduce the threat of future attacks.

Common ways for cyber criminals to access information to hold it ransom would be performed in the following methods:

• Phishing - This strategy is commonly used to install malware to the software to allow ransomware attacks, usually via unauthorised access
• Leaked lists of credentials on the dark web - Hackers will utilise this available date to then access and take over systems
• Password spraying - A large list of common passwords are used to gain access, due to the automated nature this is easy to perform for hackers

Businesses of any kind must keep up to date with the latest systems, software and data protection means in order to prevent future online data breaches. Third party access is easy to overcome for experienced hackers, therefore ensuring you are one step ahead will lower the risks of jepardy.

If you have been a victim of a data breach, where your personal and sensitive information has been accessed and exposed without your consent, please get in touch with us today.