After hackers nearly stole $1M from soccer team, UK agency warns of sporting sector’s vulnerabilities

Another soccer team suffered a ransomware attack that cost the club hundreds of thousands of dollars.
A soccer match at Anfield, home to Liverpool Football Club. A new report says British sporting organizations that are hacked could pay a heavy price for it. (Pixabay)

As one of the most popular soccer leagues on the planet, the English Premier League rakes in billions of dollars every year, in part by attracting star players through a cutthroat transfer market. The multimillion-dollar negotiations can make or break a season.

Suffice to say that sending more than a $1 million to a fake team for a player they don’t have would be a setback.

That’s nearly what happened to one of the league’s teams, though, after scammers hacked into the email account of the club’s managing director, according to a report released Thursday by the U.K.’s National Cyber Security Centre. The only thing that stopped the money transfer from going through was a fraud marker on the crooks’ bank account. Government officials did not specify which team was targeted.

It is one of a handful of security incidents in a report that U.K. cybersecurity experts are using to highlight how various types of hacking can jeopardize sporting revenue. The findings underscore how, despite greater awareness of cyberthreats, British sporting organizations that are hacked could pay a heavy price for it.


Seventy percent of the 57 sporting organizations surveyed by the NCSC had experienced at least one “attack” per year, the agency said, compared to a 32% average across British businesses. Of the cyber incidents that caused financial damage, the average loss was over $12,000, the report said.

In one case highlighted by the NCSC, a soccer team in one of the divisions beneath the Premier League level suffered a crippling ransomware attack that disabled stadium turnstiles and security cameras, according to the report. A game was almost canceled, and the incident cost the club “several hundred thousand pounds” in lost income and recovery fees, according to the report.

After a long break from games because of the coronavirus pandemic, British officials are telling sports teams to tighten up their security so they avoid similar incidents in the future.

“I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cybercrime,” Paul Chichester, the NCSC’s director of operations, said in a statement.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts