Manchester United Risk £15m Fine if They Pay Ransom to Cyber Hackers

Nov 28, 2020, 11:00 AM GMT

Manchester United could be slapped with a £15m fine if they succumb to the demands of cyber hackers allegedly holding the club to ransom.

The Red Devils confirmed that they had been hit by a 'sophisticated operation by organised cyber criminals' on 21 November, but they have since refused to comment as to whether the club is being held to ransom.

On Friday it was reported that United were being held to ransom 'for millions of pounds', with the threat of highly sensitive information being leaked into the public domain.

According to the Daily Mail, United will face a further financial sanction should they agree to pay the cybercriminals to prevent them releasing this sensitive information.

As United are owned by the Glazers and are listed on the New York Stock Exchange, they are subject to US law. Legislation from the US Treasury Department dictates that organisations that pay the ransom demands of hackers listed on its global hit list will incur a hefty fine - which could be as much as £15m.

The US Office of Foreign Assets Control warned that agreeing to meet the financial demands of a cyber hacker makes them stronger and risks them striking again.

"Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations," an OFAC statement read.

"Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims."

The club could also face an £18m fine from a UK Government body - the Information Commissioner’s Office - if the data protection of their fanbase has been breached. However, the club released a statement on Friday stating that they were unaware of any breach of personal data.

United's matchday operations and media channels have continued to run smoothly despite the attack, with the club insisting the disruption is minor.