Written by Sean Lyngaas
As one of the most popular soccer leagues on the planet, the English Premier League rakes in billions of dollars every year, in part by attracting star players through a cutthroat transfer market. The multimillion-dollar negotiations can make or break a season.
Suffice to say that sending more than a $1 million to a fake team for a player they don’t have would be a setback.
That’s nearly what happened to one of the league’s teams, though, after scammers hacked into the email account of the club’s managing director, according to a report released Thursday by the U.K.’s National Cyber Security Centre. The only thing that stopped the money transfer from going through was a fraud marker on the crooks’ bank account. Government officials did not specify which team was targeted.
It is one of a handful of security incidents in a report that U.K. cybersecurity experts are using to highlight how various types of hacking can jeopardize sporting revenue. The findings underscore how, despite greater awareness of cyberthreats, British sporting organizations that are hacked could pay a heavy price for it.
Seventy percent of the 57 sporting organizations surveyed by the NCSC had experienced at least one “attack” per year, the agency said, compared to a 32% average across British businesses. Of the cyber incidents that caused financial damage, the average loss was over $12,000, the report said.
In one case highlighted by the NCSC, a soccer team in one of the divisions beneath the Premier League level suffered a crippling ransomware attack that disabled stadium turnstiles and security cameras, according to the report. A game was almost canceled, and the incident cost the club “several hundred thousand pounds” in lost income and recovery fees, according to the report.
After a long break from games because of the coronavirus pandemic, British officials are telling sports teams to tighten up their security so they avoid similar incidents in the future.
“I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cybercrime,” Paul Chichester, the NCSC’s director of operations, said in a statement.