Changing the Score: When Hackers Target the Scoreboard
At Victory Cybersecurity Consulting (VCC), we’ve seen firsthand how cyber risks to sports infrastructure are no longer theoretical—they’re operational. Our mission is to help sports organizations secure what matters most: fan trust, game integrity, and critical digital systems that keep stadiums running. This blog draws on the same intelligence-driven strategies we use with clients to identify vulnerabilities, mitigate threats, and build a resilient foundation for game-day operations.
It’s easy to think of a scoreboard as just a flashy display. But in modern sports, that glowing rectangle is part of a sprawling digital ecosystem that’s increasingly under attack. Stadiums, once bastions of physical security, have rapidly transformed into “smart” venues with Wi-Fi, IoT devices, digital signage, mobile ticketing systems, and real-time broadcast feeds. And just like any other critical infrastructure, these systems are now prime targets for cybercriminals and nation-state actors.
From the Sidelines to the Crosshairs
In recent years, attacks on sports infrastructure have shifted from embarrassing pranks to severe disruptions:
Jacksonville Jaguars Scoreboard Hack (2024): A convicted cybercriminal hijacked the stadium scoreboard and inserted explicit images during a game, exposing flaws in access controls and vendor oversight. This attack demonstrated the operational consequences of poorly secured remote access and inadequate oversight of third-party technician access. The threat actor exploited known vulnerabilities in AV control software and pivoted through an unmonitored vendor account, using publicly available tools to deface the scoreboard in real time. TTPs mirrored those commonly used by hacktivists and low-sophistication actors, but the impact—disruption of game operations and media backlash—was high.
Dutch Football Association (2023): A significant cyberattack disrupted the Royal Netherlands Football Association's operations, highlighting the vulnerability of back-office systems supporting elite athletic events. Likely the result of targeted phishing or credential reuse, the attack compromised sensitive athlete and operational data. This breach reflected APT-style behavior associated with data exfiltration and disruption of organizational continuity. The attackers’ focus on administrative and planning systems underscores the need to treat back-office platforms as high-value infrastructure within sports organizations.
Olympic Destroyer (2018): The PyeongChang Winter Olympics suffered a coordinated cyberattack that disabled Wi-Fi, broadcast systems, and tickets just hours before the opening ceremony. This highly coordinated operation, attributed to Russian GRU-affiliated actors, demonstrated the use of wiper malware, lateral movement, and deceptive attribution tactics. Olympic Destroyer disrupted digital and physical infrastructure simultaneously, blending nation-state TTPs with psychological operations. It remains one of the most comprehensive cyberattacks ever observed in the sports domain.
Minor League Baseball (2020): Hackers remotely accessed a stadium’s LED display to broadcast political propaganda, exploiting unsecured protocols over the internet. While lower in technical sophistication, this event revealed the dangers of internet-exposed IoT systems. The scoreboard was compromised using basic scanning and credential-stuffing techniques, likely executed by ideologically motivated actors. Although the impact was localized, the reputational damage to the hosting organization prompted a rapid overhaul of the display network architecture.
Each incident points to a broader truth: scoreboards aren’t just displays. They’re nodes in a much larger attack surface.
Why Stadiums Are Soft Targets
Several consistent themes emerge when examining the risks facing smart sports venues:
Legacy Devices in a Modern Network: Stadiums often operate critical systems—scoreboards, HVAC, AV controllers—on outdated operating systems and with default administrative configurations, providing easy footholds for attackers. Threat actors frequently exploit these legacy systems through known vulnerabilities cataloged in public CVE repositories. Tools like Shodan can identify internet-exposed systems running outdated firmware, while common TTPs such as remote code execution and credential stuffing are used to bypass weak defenses. Once inside, attackers may drop ransomware, hijack displays, or establish persistence for surveillance and data theft.
Unsegmented Networks: Poorly architected environments allow lateral movement from public Wi-Fi to operations, from concessions to scoreboard controls. Cybercriminals rely on lateral movement to escalate privileges or access critical infrastructure after breaching a less secure entry point. In many sports venues, the lack of VLAN segmentation allows attackers who compromise guest Wi-Fi or an exposed API to pivot directly into sensitive operational systems. This technique was observed in the Olympic Destroyer campaign, where attackers moved from credentialing servers to core broadcast infrastructure.
Vendor Access Sprawl: Stadiums rely heavily on third-party services. When access credentials aren’t limited or monitored, it creates a shadow network of trust relationships that can be exploited. Threat actors have increasingly targeted third-party vendors as a pathway into larger enterprise environments. In stadium operations, attackers can leverage compromised vendor credentials to access maintenance portals, payment systems, or scoreboard software. These TTPs often mirror those used in supply chain attacks—where trust is weaponized to circumvent perimeter defenses.
IoT Blind Spots: Devices like digital signage, IP cameras, and connected turnstiles are frequently left out of asset inventories and risk models, creating unmanaged attack vectors. Attackers frequently exploit IoT systems due to their weak authentication, outdated firmware, and lack of visibility in centralized monitoring systems. These devices are often configured with default credentials and open ports. Threat actors can deploy botnets or manipulate displays with minimal effort, turning what was once just a risk of nuisance into a pathway for broader attacks and disruption.
Recent ransomware and scoreboard tampering incidents reflect the risks of insufficiently controlled digital access within operational environments that mirror patterns observed in traditional critical infrastructure sectors.
Integrating Cyber Risks and Threats into Business Processes
Cybersecurity cannot remain siloed in the IT department. It must be integrated into operational planning, vendor procurement, and executive risk management. A threat-informed approach enhances situational awareness and business continuity planning.
Risk Modeling as a Budgeting Tool: By quantifying the impact of downtime on game-day revenue, PR fallout, and regulatory liability, executives can prioritize infrastructure hardening within annual strategic plans and insurance policy negotiations. Victory Cybersecurity Consulting (VCC) helps organizations embed this modeling into business workflows using structured playbooks and role-based scenarios. Rather than deploying new tools, VCC works with cross-functional teams—from stadium operations to finance—to visualize exposure, rehearse decisions under stress, and build budgeting logic grounded in threat likelihood and consequence.
Threat Intelligence in Procurement: When integrating new apps, devices, or vendor relationships, teams should assess threat landscapes relevant to those services. If a vendor’s software stack has unresolved CVEs or poor patch discipline, it’s a business risk—especially when those services have lateral access to OT systems. VCC guides procurement and legal teams through lightweight vendor review frameworks incorporating threat intelligence without disrupting onboarding timelines. VCC’s method emphasizes internal collaboration between IT, security, and contracts teams to ensure that threat-informed decisions are codified in policy and practice.
Security-by-Design in Stadium Development: Scoreboard, HVAC, and lighting systems should be subject to the same vetting as other enterprise systems. Hardening cannot be an afterthought. When infrastructure is built without enforcing principles like least privilege or audit logging, attackers don’t need to break in—they’re invited. VCC supports design-phase security integration by facilitating structured collaboration between technical leads, architects, and operational stakeholders. Rather than prescribing new hardware or software, VCC builds alignment on secure baselines and governance that reinforce shared accountability for long-term infrastructure resilience.
Integrating threat modeling and risk quantification into operational workflows reduces exposure and builds resilience across the franchise ecosystem.
Real-World Recommendations from the Field:
Network Segmentation: Apply strict policy boundaries between operational systems, guest access, and business platforms.
Vendor Governance: Incorporate continuous monitoring and third-party risk scoring into vendor contracts.
IoT and Display Hardening: Track scoreboard and LED vulnerabilities via NIST CVE feeds and mandate firmware audits.
CTI-Aligned Infrastructure Planning: Use kill chain modeling and dark web threat telemetry to guide physical security upgrades.
Red Teaming and Tabletop Exercises: Conduct regular simulations that include scoreboard defacement, Wi-Fi takedown, and broadcast interruption.
Closing: The Scoreboard Is a Beacon
When hackers target the scoreboard, they send a message: “We’re in your house.”
It’s no longer about embarrassing messages or halftime pranks. It’s about ransomware, reputational damage, and undermining trust with fans, sponsors, and broadcasters.
Defending digital sports infrastructure requires treating it like any other critical sector—with layered defense, threat intelligence, and operational vigilance.
Because in modern sports, the scoreboard isn’t just for show. It’s a symbol of what’s at stake.