Two days ago, a Swedish company got fined $565,000 for losing the personal information of 2.1 million people.
Most of them were kids.
The Sportadmin Breach: How 2.1 Million Records Leaked
Sportadmin is an app that youth sports clubs use to manage registrations, schedules, and payments. Think of it like the SignUpGenius or TeamSnap of Sweden. Swimming lessons. Soccer leagues. Gymnastics classes. Hockey programs.
In January 2025, hackers from a Russian-linked group called Ransomhub broke in. Investigators found the company had weak spots in their system: outdated software, too many people with admin access, and gaps in how they protected their database. Basic security failures.
The hackers took everything.
Names. Addresses. Phone numbers. National ID numbers (Sweden's version of Social Security numbers, except Swedes use them for everything from gym memberships to medical records, making them even more valuable to criminals). Club memberships. In some cases, medical information and data on children with protected identities.
The hackers demanded money. Sportadmin refused to pay. So in March 2025, the hackers posted all 300 gigabytes of stolen data on the dark web for anyone to download.
The Swedish Data Protection Authority investigated and found the company violated GDPR Article 32, which requires companies to protect personal data with proper security measures. The fine? About $565,000.
Here's some context: the company that owns Sportadmin paid about $14 million to buy it in 2024. This fine is roughly 4% of that purchase price. Pocket change.
Why This Matters If You Live in the US
You're not in Sweden. But your kids are in the same situation.
Think about every app and website that has your child's information right now:
- School portals
- Sports league signups
- Summer camp registrations
- Dance and music programs
- Scouting and youth groups
- Birthday party venues
Each one stores names, addresses, birthdays, sometimes medical info, sometimes payment details. Most of them have weaker security than your bank. Some of them are run by volunteers with no tech background.
In the US, we have COPPA (Children's Online Privacy Protection Act), which requires websites to get parental consent before collecting data on kids under 13. But COPPA doesn't require companies to have strong security. It just says they need permission to collect the data in the first place.
So a youth sports app can legally collect your child's information with your consent, store it with terrible security, get hacked, and face minimal consequences.
When one of these gets hacked, the data doesn't disappear. It gets sold. It gets used. Sometimes years later, your kid applies for their first credit card and finds out someone's been using their identity since they were nine.
How to Protect Your Child's Identity After a Sports App Data Breach
You can't control how your kid's soccer club stores data. But you can make it harder for criminals to use that data against your family.
1. Create a Separate Email for Kid Stuff
Make a dedicated email address like smithfamilysports@gmail.com and use it for all youth activities. If that email gets leaked, it's not connected to your bank, your work, or your main accounts.
2. Use Different Passwords Everywhere
Every website gets its own password. Yes, every single one. Use a password manager like Bitwarden or 1Password to remember them for you. That way, when one site gets hacked, the criminals can't use that password to break into everything else.
Need a strong password? Try our free password generator.
3. Freeze Your Child's Credit
This is free and takes about 15 minutes per bureau. Contact Equifax, Experian, and TransUnion to freeze your child's credit file. This stops anyone from opening credit cards, loans, or accounts in your child's name.
You'll need to unfreeze it when they turn 18 and need credit, but that's a small hassle compared to cleaning up identity theft.
4. Ask Questions Before You Sign Up
Next time a program asks for your child's information, ask:
- Why do you need this?
- How long do you keep it?
- Who has access to it?
- What happens if there's a breach?
Most organizations have never thought about this. Your question might be the wake-up call they need.
5. Watch for Signs of Identity Theft
If your child starts getting mail from banks, credit card offers, or collection agencies, something is wrong. You can also sign up for family identity monitoring services that alert you if someone tries to use your child's information.
The Bottom Line
The 2.1 million people in the Sportadmin breach can't undo what happened. Their data is out there forever. Some of those kids will deal with identity theft for years.
A $565,000 fine doesn't fix that. It's about 4% of what the company paid to buy the platform. It's a cost of doing business.
The only real protection is assuming every app, every website, and every signup form could be breached tomorrow. Use strong passwords. Limit what you share. Freeze your kids' credit.
Because the next Sportadmin is already out there, holding your family's data with security that isn't good enough.
Frequently Asked Questions
What happened in the Sportadmin data breach?
In January 2025, Russian-linked hackers stole 300GB of data from Sportadmin, a Swedish youth sports app. The breach exposed personal information of 2.1 million people, mostly children, including names, addresses, national ID numbers, and club memberships.
How can I protect my child's identity after a data breach?
Freeze your child's credit with the major bureaus, use unique passwords for every account, create a separate email for youth activities, and monitor for signs of identity theft like unexpected mail from banks or collection agencies.
Can I freeze my child's credit for free?
Yes. You can contact the major credit bureaus directly to request a freeze on your child's credit file at no cost. It takes about 15 minutes per bureau and prevents new credit accounts from being opened in their name.
Sources: Swedish Data Protection Authority (IMY) decision, January 26, 2026; Lime Technologies investor communications, January 2024; Sweden Herald reporting on the Sportadmin breach.
T.O. Mercer | SafePasswordGenerator.net