Football clubs are targets of internet crimes

The same technology that is revolutionizing football clubs on the field and in business has opened a door that could cause major reputational, financial and even strategic damage to championships. Sports organizations are becoming targets due to the large amount of confidential information in systems, reports, analyses, strategies and even sensitive player data.

Player scouting (observation and analysis of data on each athlete), the use of GPS trackers and fitness monitors, fan relationship programs and all other work fronts that require applications make clubs accumulate personal data, which new oil for cybercriminals.

“Today sport is in the focus of cybercriminalswith the specific risk of possible exposure of confidential data such as contracts, athletes’ medical records and even information from their own supporters. Cybercriminals can gain access to accounts and financial transactions, potentially causing considerable financial losses. They can also fall victim to ransomware attacks that cause disruptions to club operations or a distributed denial of service (DDoS) attack that causes websites to go down, which can lead to the interruption of, for example, ticket sales, game broadcasts and any other type of digital service,” warns Camilo Gutiérrez Amaya, Head of the Research Laboratory at ESET Latin America.

O Paris Saint-Germain was the victim of a cyber attack in April of this year. In the case of the French team, the attack mainly affected its website and the ticket sales system for matches. The club immediately contacted people in its database to inform them of the incident and to confirm that there were no serious consequences. The case was not the first involving the Parisian team, which, in 2018, deposited 520 thousand euros in error after a phishing attack in which cybercriminals sent fake emails and diverted part of the team’s payment to Boca Juniorsfrom Argentina, by midfielder Leandro Paredes. The case happened about six months after PSG adopted fax usage in negotiations to mitigate the risks of leaking sensitive information.

On October 18, 2023, a cyberattack on Spain’s Real Sociedad affected the servers that stored sensitive data such as names, surnames, postal addresses, email addresses, telephone numbers and even bank accounts of the Basque club’s members and shareholders. Given the situation, the San Sebastián team suggested that those affected check their accounts in case there was any strange movement.

In late 2020, Manchester United were the target of a cyberattack on the eve of a Premier League match against West Bromwich Albion. At the time, the club stressed that “all critical systems required to host matches at Old Trafford remain secure and operational”, however, the events were not open to the general public due to restrictions related to the Covid-19 pandemic. The case was not the only one in the city: United’s arch-rivals, Manchester City was also a victim of a leak, specifically of its global scouting database, during the year 2013.

According to ESET, a global company specializing in proactive threat detection, for a football club, the consequences of being the victim of an attack can be diverse and very dangerous, such as damage to reputation and even loss of trust that results in suspension of sponsorships.

There may also be direct financial losses, from having to pay a ransom if you have been infected by ransomware – not a recommended practice – to the economic impact of restoring systems after suffering an attack, or the inability to sell tickets or coordinate matches.

Furthermore, there may be legal repercussions, as a leak or breach of personal data could result in significant fines or legal action by those affected. In the context of football, it would represent a very significant sporting disadvantage if tactics, strategies, player scouting reports or sensitive data linked to the performance of individual team members were disclosed.

“As in other industries, the integration of technology with football has produced more than positive transformations, which have impacted not only the playing field, but also the dynamics of management strategies, player performance and even the fan experience. Given this new scenario, clubs that implement these innovations must also be aware of the challenges associated with cybersecurity. Prioritizing the security of their information and systems is as fundamental as signing the latest player on the transfer market,” adds Amaya.

Website: