Cyberattacks on sports teams have doubled, and 2026 is off to a bad start

The world of professional sports boasts not only intense competition but also substantial financial investments and has become an increasingly attractive target for cybercriminals. Once considered safe from digital threats, sports organizations now face a growing wave of sophisticated cyberattacks, including data breaches, ransomware, and corporate espionage. This trend highlights a critical shift: as teams increasingly rely on data for a competitive edge, criminals now view that same data as a valuable asset to steal and exploit.

By analyzing high-profile incidents from the last decade, this research illuminates the evolution of cybercriminal strategies from opportunistic theft to organized extortion and strategic data exploitation. As the sports industry continues its digital transformation, understanding these threats is paramount to safeguarding the integrity of sport, confidential data, and financial stability.

Key Insights

• An analysis of 25 high-profile cybersecurity incidents in sports teams from June 2015 to early 2026 reveals that they are lucrative targets for data breaches, ransomware, and corporate espionage. The timeline of incidents reveals that cybercriminal activity against sports teams isn't just a passing trend — it’s escalating. When comparing the first half of the dataset (2015–2020) to the second half (2021–early 2026), the volume of incidents has more than doubled from 8 to 17 (a 112% increase). The first quarter of 2026 alone already registered three major incidents (Olympique de Marseille¹, AFC Ajax², and the French Rugby Federation³), suggesting that as sports organizations digitize further, attackers are multiplying their efforts.
• Cyberattacks in the sports sector have evolved from isolated financial theft to major extortion campaigns. Between 2021 and 2026, in addition to targeting transactional data, cybercriminals began hoarding sensitive corporate and personal records to maximize their leverage, amassing highly confidential data, while simultaneously executing breaches that compromised over 1.23 million combined records across just three recent 2026 attacks alone (OM, Ajax, and the FFR).
• Europe accounts for 60% of the recorded incidents (15 out of 25), followed by North America at 36% and Oceania at 4%. Global football (soccer) takes the hardest hit, suffering over half (52%) of all attacks across leagues like the Premier League, Serie A, and Ligue 1. Basketball follows with 20% of incidents.
• Ransomware appears to be the industry's biggest digital vulnerability. Data shows that ransomware accounts for roughly 36% (9 out of 25) of recorded cyber incidents since 2015. While the early years (2015–2019) show a disjointed variety of tactics like corporate espionage and e-commerce skimming, the 2021–2026 landscape is more extortive. In this period, ransomware accounted for 41% of all attacks (7 out of 17 incidents), highlighting the rise of organized cybercriminals targeting sports teams for ransom payments. Between 2015-2020 and 2021-2026, ransomware incidents increased by 250% (from 2 to 7).
• It's no longer just the back office getting hit: recent attacks are sweeping up the entire ecosystem simultaneously. Fan data was compromised in at least 56% of all incidents (14 out of 25), shifting from isolated e-commerce Magecart skims to massive database leaks. For example, fans have had their financial information, such as credit card details, compromised in four instances. This includes an incident with the Atlanta Hawks (NBA)⁴ online store, in which cybercriminals injected a payment skimmer to steal names, addresses, and credit card details from fans who ordered merchandise in 2019.
• At the same time, data from players for competitive intelligence remains a target too. This is evident in ransomware attacks that compromised 500 GB of contracts, NDAs, and corporate financial data (Houston Rockets, 2021)⁵ or 305 GB of confidential data, including address details, bank account numbers, passports and medical records (Royal Dutch Football Association, 2023)⁶. Social media accounts have also been targeted, with at least three instances of cybercriminals taking over clubs’ online accounts, being used, for example, to promote fake cybercurrencies (FC Barcelona, October 2025)⁷.

Methodology and sources

This study utilized public media reports on cybersecurity incidents to create a dataset covering high-profile occurrences in the professional sports sector from 2015 to early 2026. Incidents were included if they involved a reported cyberattack against a sports franchise, league, or organization. Once the dataset was compiled, each case was further classified by the type of cyberthreat, the specific sport and geographic region affected, and the primary targets of the compromised data (such as corporate operations, elite athletes, or fans).

References: