Categories & Search

Sports Data & Cybercrime: Alarm Bells?

Is legalized sports betting the next big thing in cybercrime?

When the U.S. Supreme Court last spring struck the Professional and Amateur Sports Protection Act – the law that barred most states from allowing sports betting – the floodgates opened and everyone seeking to profit from legalized sports gaming staked out their turf. Five states have already passed laws to allow sports betting and 18 others will soon follow suit. The most recent state to open its doors to legalized sports wagering, West Virginia, even plans to allow online sports wagering.

Sports pundits say the big winners will be the states (increased tax revenues) and casino owners (the “house always wins”).

But doesn’t the high court’s ruling present an almost perfect opportunity for cybercrime? In sports betting, there’s already plenty of dough on the line. While hard statistics vary, in the U.S. alone, sports wagering is estimated to be a $150 billion to $400 billion market, yearly. And that’s what provides the opportunity for hackers.

Teams and players are always looking for an edge on the competition. Inside information about a team – scouting reports, a team’s strategic plan or player health information – all provide insights about a team’s or player’s future performance. Hack into the database of a sports team and the information is yours.

The motive? It could be purely financial or to gain a competitive advantage. But it could also be darker, leveraging the regulated structure of legalized gaming for money laundering or using hacked information for blackmail or extortion. 

Sound far-fetched? It’s not at all. Three years ago, the scouting director for Major League Baseball’s St. Louis Cardinals’ did just that. Chris Correa hacked into the database of the rival Houston Astros’ – called “Ground Control” – and mined competitive information for two years without being caught. Correa was sentenced to prison for corporate espionage and the Cardinals punished for the misdeed.

Teams generate mind-boggling amounts of data, from tracking movement with sensors embedded in jerseys to hydration and fatigue levels. With the increased use of “wearable” technology, the use and potential of big data in sports is barely out of the starting blocks.

In a New York Times piece earlier this year, I wrote that “[e]ven before the court ruling, there were risks, but now those risks are exponentially greater. By putting heightened cybersecurity safeguards into place now to protect confidential sports information, legal wagering doesn’t have to unleash hackers."

And yesterday, in a Law360 analysis, reporter Zachary Zagger warned that “sports teams must tackle hacking risk amid legalized gambling.”

There’s a lot at stake when it comes to the growing role of big data in the sports world. The good news is that much of the cyber risk to sports data created by legalized gambling can now be identified, and with an uncompromised commitment, steps can be taken to begin keeping that data safe.

But the cyber war is only getting started and hackers almost always hedge their bets.  The real question is whether collective action can be taken before the next disaster strikes.