Sir Dave Brailsford, Team Sky principal, believes attackers broke into the team's computers and stole Froome's performance data so they could analyse it for signs of doping. He revealed his concerns on Monday, the Tour de France's first rest day.
Froome has been dogged by rumours of doping since his winning ride in the 2013 Tour. Team Sky is famously reticent to release performance data but at the time took the unusual step of releasing his performance data going back to 2011 to refute the allegations.
On Monday, a video was posted on YouTube which claimed to show Froome's ride on Mont Ventoux during the 2013 Tour, overlaid with physiological data. The video was later removed but it didn't stop some people who had seen the video to take to Twitter to offer their armchair analysis of the data.
Froome and Team Sky have always insisted they compete clean and that Froome's performance is possible without the use of performance-enhancing drugs.
No additional information was available regarding the hack such as who might have been behind it or how it was executed. The alleged hack is seen as part of a growing trend in attacks against the sports industry.
Bryan Lillie, chief technical officer, cyber-security, QinetiQ said no one is immune from hacking. “It's not just banks and governments – we all need to treat security seriously,” he said. “IoT, which includes many devices which monitor and collect personal information, creates huge amounts of valuable data which represents a new target for hackers, blackmailers, competitors and critics. The more that data becomes critical to your operation, the more seriously you need to take it. Sports teams may not seem like the traditional target of hackers, but if you have valuable data, you will be a target for someone.”
Wieland Alge, vice president and general manager of EMEA at Barracuda Networks said the hack was not surprising given the increasing number of hacks in the sports industry overall. “Consultancy firm PwC predicted that the global sports market is set to be worth £93 billion by the end of 2015. This growth is making clubs and organisations in the sector lucrative targets for hackers,” he said. “Sports teams, just like businesses, need to recognise that they are at risk of an attack. It is imperative that they set dedicated budget aside to address cyber-security.”
He added: “The sports-related industry makes a living from a tight and open relationship with fans and this inevitably makes them vulnerable to all kinds of social attacks. It turns out that such organisations often need a higher level of security built into their infrastructure than some traditional businesses like banks. This is one of the paradoxes that emerged with the increased intensity of digital interaction.”
Rob Cotton, CEO at NCC Group, said the hack was an inevitable conclusion of our growing dependence on technology. “All sports – including cycling – have embraced technology, allowing athletes to make massive efficiency gains. But with that comes a cyber-security danger,” he said. “This alleged industrial espionage once again highlights the diverse motivations and capabilities of various groups of threat actors. From activists, investigators or competitors the dependency we have on electronic storage coupled with suspected incidents such as this illustrate the very real threat.”
The legal implications
Meanwhile, a lawyer has examined the legal implications of the Chris Froome data breach – looking at what laws have been broken and who could be liable – and has included advice for Team Sky on next steps they can take to limit the damage.
“In this case, a video was posted on Twitter of a climb by Chris Froome during one of the mountain stages of the 2013 Tour, and was overlaid with the hacked data. The suggestion being made in the media is that the video was posted to create suspicion that Froome was doping,” said Alison Rea, senior associate, Kemp Little.
“There are a number of legal issues here. Firstly there is no doubt the data is confidential information and therefore the leak of such information is likely to give rise to a legal claim for breach of confidence. Given the data relates to an identified individual, there is also a breach of the Data Protection Act 1998, interestingly both by the hacker who unlawfully obtained the data, as well as potentially by Team Sky who would have had an obligation to take measures to prevent unauthorised access to or loss of the data.
“A further issue is that the publication of the video could lead to liability for defamation, which can arise as a result of video content as well as mere words. A court would have to examine the video and determine what was the natural and ordinary meaning of the content. In this case, the video contains physical data such as heart rate data and other physical metrics. While there may not be a clear statement saying that Froome was doping, Sky could seek to rely on the innuendo meaning of the video, ie that people know of the widespread doping allegations surrounding the cycling world and, on that basis, that innuendo meaning of the video would have been obvious to members of the public viewing the video.
“Although, in this case, the video seems to have been removed swiftly by the user who posted it, it is not uncommon for such content to be reposted across multiple platforms. If that was the case, Team Sky would be well advised to seek an urgent injunction against the websites which host the video, before it proliferates across the Internet. Depending on where sites hosting the video are based, this could become an increasingly difficult and expensive operation. The Team may also consider whether to speak to the ICO, once they have assessed all the data that has been obtained, given the data would likely be classified as sensitive personal data, relating to the health of Chris Froome (but potentially also other riders on the team).”