Manchester United show cyber-attackers the red card

Manchester United show cyber-attackers the red card

After weeks of disruption, Manchester United were finally able to announce last week that they’d fought off hackers who had been holding the club to ransom via a sophisticated cyber-attack. The fact that one of the world’s biggest football teams had been targeted in a sophisticated operation by an organised criminal gang made headlines around the world.

Cyber-gangsters were demanding a multimillion pound payment and threatened to leak secret documents containing sensitive information unless it was paid. The club could have faced fines of up to four per cent of its global annual turnover, if it was found to have breached fans’ rights under data protection laws.

But according to reports, the cyber-attack, believed to have originated from an email phishing scam, is now over. The case once again underlines how important it is for businesses - of all sizes - to take care over all the data they hold. This is all the more vital during a pandemic which has created an explosion in cyber-based hacking attempts. 

Here Clive Mackintosh, a data protection solicitor at Harper James Solicitors, provides his expert analysis on what happened, and provides advice on how businesses can better protect themselves.

'In a performance worthy of its football team, the IT security department at Manchester United Football Club was able to thwart and beat the attempts of criminal hackers to infect the club’s networks and servers with malicious ransomware following the attack that occurred last month.

The impact of the cyber-attack could have been devastating to a club that relies on its off-pitch activities as much as it does its on-pitch ones. 

A ransomware attack involves hackers deploying malicious software that infects an organisation's networks and computers, leading to the encryption and compromise of its data. 

Criminals then offer to provide the victim with a decryption key to enable them to retrieve and restore the compromised data - but only for a very hefty ransom fee in return - often running into hundreds of thousands of pounds.

Ransomware attacks are becoming more prevalent and sophisticated. Any business, whatever its sector, small or large is vulnerable to this form of attack. Just as the players spend many hours on the training ground practising their skills and honing their attacking and defensive strategies, it’s clear that the club’s IT team do likewise.

No organisation, whether it’s Manchester United or any other, can successfully defend itself against sophisticated cyber-attacks without having in place a clear and practiced security breach management strategy and protocol.

Four steps you can take to improve data security

1. Staff training

Train staff and make them aware of the risk of cyber fraud through failing to verify incoming email.

2. Be vigilant

Understand cyber-attacks aren’t just committed by faceless hackers sitting behind computer screens, but through human social engineering.

3. Plan and rehearse

Put in place and rehearse a cyber-attack contingency plan for recovering and restoring your data.

4. Appoint your crisis handlers

Assemble a crisis team and train them to deal with such emergencies.

Putting together a security protocol around these points will help provide a great platform to keep your business safe now - and in the future.  For advice specific to your business's needs, contact our data protection legal experts.

About the Author

Clive Mackintosh

Clive Mackintosh

Senior Data Protection & Privacy Solicitor
Clive joined Harper James in February 2020 as a senior data protection and privacy lawyer.


Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
2-5 Velocity Tower, 1 St Mary’s Square, Sheffield, S1 4LP
A national law firm

To access legal support from just £125 per hour arrange your free no-obligation initial consultation to discuss your business requirements.

Make an enquiry

X