Cyberattacks May Be Career-Ending Injury for Unprepared Sports Stars


Data security and privacy threats are prevalent in professional sports. A recent data leak involving the National Football League Players’ Association website and break-ins of international drug screening facilities highlight the problem. The bottom line, sports stars have a digital bulls-eye on their back. Cybercrime threats could cripple sport stars’ future earnings and cause irreparable reputational harm if they don’t increase their data security, Roderick Jones, founder of cybersecurity company Rubica Inc. and former member of Scotland Yard’s Special Branch, told Bloomberg Law.

Gone are the days of old-school pranks when fans would seek out a player’s hotel location and pull the fire alarm to distract a player before a big game. Instead, hackers are seeking out sensitive medical information, gaming profiles, hotel locations, food preferences, and drug screening results, to sell on the dark web or hold over a player for a quick profit, Jones said. This data can be used in a variety of ways to wreak havoc on a sports star, he said. 

The financial gain from a professional athlete hack can be high, Jones said. For example, Detroit Lions quarterback Matthew Stafford recently signed a 5 year-$135 million contract extension making him one of the highest-paid players in the NFL, according to Spotrac. If a hacker was able to use information gleaned from the NFLPA data leak against Stafford, the financial reward could be higher than many small businesses, Jones said. In fact, many athletes in other sports, such as the National Basketball Association’s Steph Curry and LeBron James, are worth much more than most small businesses, he said. Because of this value athletes should reach out to team ownership for data security assistance because the impact of a player hack can also reverberate up the chain and effect team value as well, he said.  

Athletes are also in hacker’s sights due to their cultural prominence, Jones said. Unlike Dick Butkus and Joe Namath, sports stars today store much of their personal data online through Twitter Inc. profiles, gamer accounts, and other social media pages. The focus on athletes, like Hollywood celebrities that have been exposed in data breaches, may be to just uncover secret information that may not be obtained elsewhere. But the long-term reputational stakes are much higher now, Jones said. 

This is why athletes need to protect their online profiles and other digital content, so down the line they aren’t harmed by careless data security mistakes, Jones said.  Sports stars should follow basic cybersecurity hygiene practices such as using two-factor identity authentication, employ encryption protections for sensitive information, and hire outside cybersecurity companies to audit for website and other data security vulnerabilities.

Sports-related data security risks aren’t just for American football. Recently, international soccer governing body FIFA received a letter from England Football Federation (FA) highlighting data security concerns leading up to the 2018 World Cup in Moscow. The letter to FIFA cited a malware attacked launched by the Russian hacking group Fancy Bear. In response to FA’s letter, FIFA told Bloomberg Law that it doesn’t provide cybersecurity advice to national soccer clubs and that it relies on third party vendors for its cybersecurity protections. 

With all eyes on the sports world, athletes and teams need to up their cybersecurity game or they may be headed to the data security bench sooner rather than later. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.