Breaches highlight difficult task of keeping data secure
A recent spate of high-profile data breaches within the sports industry, as well as the ongoing national crisis surrounding credit reporting agency Equifax, has quickly amplified the need for more secure information technology systems.
The Equifax issue, involving the potential exposure of nearly 150 million Social Security numbers, has marked the highest profile data breach. But in recent weeks, an accidental data breach at Major League Lacrosse had a possible leak of confidential information of more than 1,000 players. And more recently, an online database belonging to the NFL Players Association inadvertently exposed the information of more than 1,100 players and agents.
More notably, former St. Louis Cardinals scouting director Chris Correa is now in federal prison and is permanently banned from baseball for his activities earlier this decade hacking into the Houston Astros’ proprietary baseball operations databases.
The circumstances in each case are slightly different as each affected entity has sought to close the breaches. But the common thread is clear: Hackers are growing increasingly skilled and fervent in their pursuit to illegally obtain confidential information, and teams and properties must respond accordingly. The rise of ransomware, in which hackers install malicious software and threaten to distribute or withhold vital information unless a ransom is paid, has only amplified the data security threats.
“With increased investments in digital technologies, sports teams must manage the cyber risks that can result from such innovations,” warned Vikram Kunchala, Deloitte Advisory managing director, in a white paper earlier this year. “The very tools used to gain a competitive advantage could expose organizations to new cyber threats.”
The Kromtech Security Center, which discovered the NFLPA vulnerability, similarly said this month: “It is logical to believe that criminals had access to this information and could have even targeted players or agents by using the credentials the database contained. The NFL and its players would be a prime target for scams or fraud.”
As a result, one of the faster growing positions in the sports industry could soon become director of IT security. Kroenke Sports & Entertainment is among the companies that have hired such a person focused specifically on cybersecurity within its IT department, and has explicitly sought to keep sensitive financial data such as fan credit card numbers off its own servers and solely with its ticketing partner AXS.
“This is something we’re increasingly spending time on to make sure we’re fully compliant with all the industry standards and all our partners who hold data for us are fully vetted,” said Jeremy Short, Kroenke vice president of business intelligence.
AEG similarly detailed a closer internal working relationship between its IT and legal departments to ensure they are aware of all known threats to its data systems, and are regularly updating its permissions, firewalls and terms of service.
“This has been a big area of focus for us,” said Aaron LeValley, AEG vice president of digital strategy and analytics. “You’re never going to get to a zero percent chance of being breached, and it would be really careless to assume otherwise. But we feel better that our chances have been greatly reduced.”