Football Cybersecurity: Yes, Both Gridiron and the Beautiful Game


Football. Whether you’re a fan of the kind led by the likes of Pele, Ronaldo, and Neymar or the kind mastered by Jim Brown, Jerry Rice, and Russell Wilson, both kinds of football command a legion of followers. As multi-billion-dollar/Euro/British pound industries, football teams in both the Premier League and the National Football League handle sensitive information that needs to be protected at all costs—like the goal or the end zone. That’s why football teams on both sides of the pond are taking the initiative to bolster their privacy and cybersecurity safeguards.

The New England Patriots—home of Tom Brady, one of the most dominant quarterbacks in NFL history—recently announced a partnership with email and data security company Mimecast Ltd. The partnership seeks to protect Patriots employee inboxes from phishing, malware, and other cyberattacks, the team said. If a fan can run off with Tom’s Super Bowl jersey (he did eventually get it back), then one can only imagine what a hacker might be able steal from players’ online accounts.

Across the Atlantic, East London-based Premier League football club West Ham United announced that it has partnered with U.K.-based digital forensics company Foregenix Ltd. to prepare for new European Union data privacy rules. 

Companies doing business in the EU have less than a year to comply with its new privacy regime, the General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The GDPR provides one EU-wide regulation to replace a more than 20-year-old directive that required each country to pass its own privacy laws. The GDPR will bring stricter standards for user consent to the use of their personal data, mandatory data breach notification, and fines as high as $20 million euros ($23.5 million) or 4 percent of a company’s annual worldwide income, among other things. Even with Brexit, the U.K. government plans to meet the GDPR requirements.

According to Foregenix, the partnership will protect the “huge amount of personally identifiable information” held by football clubs like West Ham United, including ticketing, fan membership, hospitality, and player medical data. For professional sports teams that rely on the players’ physical capabilities to win games and attract fans, player medical data is golden, and there have been instances of cyberattacks aimed at stealing such information. 

Speaking of stealing information, Major League Baseball banned the St. Louis Cardinals’ scouting director for life for hacking into the Houston Astros’s database nearly 50 times seeking an edge in recruiting.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.