Hackers are increasingly looking towards Premier League clubs in a nationwide targeting of the UK's sports sector, Britain’s National Cyber Security Centre (NCSC) warned on Thursday.
In a report outlining what it described as "a range of attacks by hackers", the NCSC said the emails of a Premier League team's managing director were hacked prior to talks as part of transfer agreements, which almost saw £1 million ($1.27 million) almost fall into the hands of cyber criminals.
The NCSC described the sports sector as “a high-value target” for attackers, claiming that at least 70% of Britain’s sports institutions suffer a cyber incident every 12 months - double that of UK businesses.
Around 30% of those incidents surveyed had seen financial damage, with an average cost of £10,000 per attack, with the biggest single loss reaching £4 million.
Incidents included an attack that brought the turnstiles of a football club to a halt and almost led to the cancellation of a match. Another included a member of staff at a racecourse losing £15,000 in an eBay scam.
The report also revealed that an employee at an organisation holding athlete performance data had their email address hacked, giving the attackers access to sensitive information for several months.
As the sector begins to recover after seeing leagues and championships temporarily cancelled due to the coronavirus pandemic, the NCSC called on operators to consider their cybersecurity.
“While cyber security might not be an obvious consideration for the sports sector as it thinks about its return (from the coronavirus outbreak), our findings show the impact of cybercriminals cashing in on this industry is very real", said Paul Chichester, director of operations at the NCSC said in the report.
Chichester added that he would urge sporting bodies to "use this time to look at where they can improve their cybersecurity”.
Hugh Robertson, chair of the British Olympic Association, described the caution as "critical" and a “crucial first step” in aiding sports organisations to better understand and evaluate threats and improve their security.
None of the affected clubs and individuals nor those who were behind the attacks were named.