MANCHESTER UNITED risk being hit with a £15million fine if they give into hackers' ransom demands, according to reports.
The Premier League giants have been hit by a cyber attack that has left the club's systems compromised.
The club confirmed last week that it had been the target of a "sophisticated operation by organised criminals", and has since brought in a team of technical experts to contain the attack.
⚽ Read our Man United live blog for the latest news from Old Trafford
The hackers are understood to be demanding a ransom with the possibility they will leak sensitive information or block access to it if United don't pay up.
The identity of the attackers and the amount being demanded are currently unclear.
However, if the Red Devils give in, they could break US legislation that is punishable by a fine of up to £15m, the Daily Mail report.
Because Manchester United are listed on the New York Stock Exchange, they are subject to US law.
And any organisation that meets the ransom demands of hackers who appear on their global hit list would fall foul of the law.
The US Office of Foreign Assets Control, an arm of the US Treasury Department said in a statement: "Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.
"Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims.
"For example, ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States.
"Ransomware payments may also embolden cyber actors to engage in future attacks."
Paying a ransom gives no guarantee that sensitive information won't be leaked.
If data protection laws are breached, Manchester United also risk punishment at home as well.
The independent UK Government body, the Information Commissioner’s Office, has a range of options open to them. They have previously fined British Airways £20m and Marriott International £18.4m for failing to protect customers' personal information.
Manchester United are not aware that fans' data has been breached.
A spokesperson for the ICO said: "MUFC have made us aware of an incident and we are continuing to make enquiries."
Meanwhile, the National Cyber Security Centre said in a statement: "We are aware of an incident affecting Manchester United Football Club and have been working with law enforcement partners in response."
A statement released by Manchester United to the Daily Mail read: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations.
"This attack was by nature disruptive, but we are not currently aware of any fan data being compromised.
"Critical systems required for matches to take place at Old Trafford remained secure and games have gone ahead as normal.
"The club will not be commenting on speculation regarding who may have been responsible for this attack or the motives behind it."
Source: Read Full Article