Manchester United Still Trapped on the Ransomware Clamp

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

When Manchester United announced a ransomware attack last week, the English football club made it appear like a minor thing that they managed to repel before greater damage was done. However, and after several days have passed without the club’s computer systems being back in normal operation, it now becomes clear that the ransomware attack was a lot more severe.

In fact, the “Red Devils” are now facing a big ransom demand, a potential penalty from the ICO due to the data breach, and the prospect of disruption in match-day operations.

The next home game is a Champions League match against Paris Saint-Germain on December 2, 2020, which is five days away. The club has contracted IT specialists to help them get the ticket systems back up and running and conduct forensic investigations that will reveal who is responsible for this situation. According to the club’s spokespersons, all critical systems required for holding the match are secure, so there’s nothing to worry about.

Unconfirmed reports claim that the actors are now asking for the payment of millions of pounds, which makes sense considering the size of the club. Undoubtedly, football clubs have taken a hit by the COVID-19 situation, as stadiums had to host games without supporters. However, they still have a substantial income from sponsorship deals and TV broadcasting licensing rights. That said, football clubs of this size cannot afford to lack ultimate cybersecurity levels, and even that wouldn’t be enough against all possible threats.

The British NCSC (National Cyber Security Center) has already warned football clubs that cybercriminals love to target them, and hackers have already knocked on the door of a staggering 70% of all pro-level organizations in the country. Compared to other types of companies, sports entities are twice as likely to suffer a ransomware attack.

Manchester United has made it clear that no fan data was compromised by this event. Still, it is expected that the UK ICO (Information Commissioners Office) will investigate these claims nonetheless. If a data breach is ascertained beyond doubt, the club will be called to pay a fine between £9 and £18 million, or 2% of their total annual worldwide turnover.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: