Super Bowl Cyberattacks May Blitz Companies, Sponsors


By Daniel R. Stoller

The NFL’s Super Bowl attracts millions of fans but is also an inviting target for cyberattacks against corporate sponsors and the participating teams, cybersecurity professionals told Bloomberg BNA.

Companies looking to benefit from Super Bowl exposure need to be aware of the risks that go along with the heightened visibility, Jeremy Samide, chief executive officer of Ohio-based cybersecurity company Stealthcare LLC, told Bloomberg BNA Feb. 2. Hackers see the Super Bowl “as a treasure trove of information” and may take advantage of the increased exposure and influx of data, he said.

The Super Bowl is the NFL’s premier American game and has been the most watched TV event in the U.S. for decades, Bloomberg data show. Approximately 111.9 million viewers throughout the U.S. tuned in to watch the Denver Broncos beat the Carolina Panthers in the 2016 Super Bowl, the data indicate.

There is big money to be made by hackers if they are able to infiltrate the information technology systems of the NFL, one of its teams or corporate sponsors, such as Microsoft Corp., Verizon Communications Inc. and Anheuser-Busch InBev SA/NV. The Super Bowl alone can generate revenue of about $620 million, according to a report by Statista. On top of that, an estimated $15.5 billion was spent by consumers on Super Bowl-related purchases in 2016, the report said.

Other organizations that support the big game are at risk, such as the Houston Super Bowl Host Committee. NFL sponsors and partners that help put on the big game, such as Accenture Plc, Chevron Corp., General Electric Co. and Hess Corp., might introduce their own cybersecurity issues that might affect other companies in the supply chain, cybersecurity pros said.

The hype around the big game mainly focuses on the play on the football field and the millions of dollars in television ad revenue generated. Twenty-First Century Fox Inc. Executive Vice President Bruce Lefkowitz predicted to Bloomberg News that the upcoming Super Bowl game will be the largest revenue day in the company’s history. Fox is seeking $5 million for 30 seconds of airtime. But lurking behind the scenes are hackers and other wrongdoers who hope to cash in on valuable data collected by the NFL, its corporate sponsors and the football teams.

Are Vendors Weak Link?

Although there are risks that hackers may disrupt the Super Bowl broadcast signal or take down critical infrastructure that supports the big game, the biggest cybersecurity risk may rest with third party vendors, Peter Tran, general manager and senior director at cybersecurity solutions company RSA Security LLC, told Bloomberg BNA.

Samide agreed, saying that hackers may try to work their way into the more secure information technology infrastructure of the NFL or one of its larger corporate sponsors through weak cybersecurity potentially provided by a third party vendor. Because of this, third party vendors and those they do business with “should double down on their cybersecurity measures,” he said.

The IT behind the Super Bowl, including ticketing systems, on-field performance data collection and television and radio broadcast signals, is mainly supported by third party vendors. Because the NFL and its partners work with multiple third party vendors that each have different IT infrastructures, there likely is an increased cybersecurity risk, including ransomware, distributed denial of service, malware and other attacks, surrounding the Super Bowl, the cybersecurity pros said.

The NFL and “each vendor” must check their systems to make sure “they aren’t the weakest link in the chain,” Tran said. If a vendor is the weakest link, it could cause reputational and material damage to its own profits as well as those further up the supply chain, he said.

There may be a “national digital deflate-gate debate” if there is a major cyberattack during the Super Bowl, Tran said, referencing the New England Patriots scandal over the alleged purposeful deflation of footballs that led to a four-game suspension of star quarterback Tom Brady.

The NFL told Bloomberg BNA Feb. 2 that it declined to comment. Representatives for the Houston Super Bowl Host Committee didn’t immediately respond to Bloomberg BNA’s e-mail request for comment.

Big Game, Big Risks

Companies of all sizes that do business with the Super Bowl, and any other event of that magnitude, should implement encrypted communication methods, use two factor authentication, increase cybersecurity training for all employees, identify and classify sensitive data and develop an incident response plan, Samide said. Companies should continue the heightened awareness even after the Super Bowl because it may help prevent a hack attack, even unrelated to the big game, he said.

A Super Bowl cyberattack could also affect the play on the field, which could lead to reputational harm and lost profits for gambling venues and future ad revenues, Tran said. According to Statista, $132.5 million was wagered in Nevada on the 2016 Super Bowl.

Teams generally don’t think of themselves as a high value target for hackers, but the increased use of big data during game play has increased the cyberattack risk landscape for most NFL franchises, he said. If a team experiences a cyberattack, it could lead to a loss of integrity of the data, which in turn may lead to lost revenues and decreasing viewership, Tran said.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
