UK Sports Sector Targeted by Hackers: Report

July 23, 2020 Updated: July 23, 2020

Britain’s sports sector needs to tighten its cyber security to guard against hacking activities, the UK’s National Cyber Security Centre (NCSC) has warned.

The UK sports industry is a high-value target for hackers, the NCSC said in its first ever report on cyber threats to the sector.

At least 70 percent of institutions in the sector suffer a cyber incident every 12 months, more than double the average for UK businesses, the report said.

Approximately 30 percent of cyber incidents caused direct financial damage, averaging £10,000 ($12,700) each time, the report said. The biggest single loss was over £4 million.

In one incident revealed in the report, the emails of a Premier League soccer club’s managing director was hacked before a transfer negotiation. As a result, the £1 million fee almost fell into the hands of cyber criminals.

In another attack, the turnstiles of a football club were brought to a standstill and almost led to the cancellation of a match.

The threat mainly comes from cyber criminals with a financial motive, who typically take advantage of poor implementation of technical controls and “normal human traits such as trust and ineffective password policies,” the report said.

But the report also points to a small number of highly targeted attacks launched by hostile nation-state actors.

The most high-profile attacks were conducted by Russian Military Intelligence (GRU) against the World Anti-Doping Agency (WADA) in 2016.

Confidential medical data of gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams, and other female U.S. Olympians was hacked from a WADA database and posted online.

As the sports sector recovers from the impact of the Chinese Communist Party (CCP) virus pandemic, the NCSC is urging sports organizations to put in place security controls and back up data.

“Our findings show the impact of cyber criminals cashing in on this industry is very real,” said Paul Chichester, director of operations at the NCSC.

“Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late,” said Oliver Dowden, the British government’s digital and sport minister.

“Simple steps taken today can save millions of pounds of losses tomorrow,” he said.

The NCSC has also revealed the extent of the cyber threat faced by the health care sector.

In a joint advisory issued on May 5 in collaboration with the U.S. Cybersecurity and Infrastructure Security agency, the NCSC exposed malicious cyber campaigns targeting international health care and medical research organizations involved in the CCP virus response.

British Foreign Secretary Dominic Raab expressed deep concerns on July 22 over evidence published by the U.S. Department of Justice of Chinese cyber attacks against medical and academic institutions in 11 countries including the UK.