Qtonic Quantum Corp Publishes Research Report on Long-Term Quantum Exposure Risk to Global Football Medical and Identity Data
Qtonic Quantum Corp released a 30-page public research report on harvest-now, decrypt-later exposure in global football. The report examines how mandatory FIFA medical, cardiac, and identity data across 211 member associations may face long-term quantum decryption risk, assigns a qualitative Critical HNDL Risk Rating, and recommends cryptographic inventory as the first step.
Miami, FL, June 12, 2026 --(PR.com)-- New report, released as the 2026 FIFA World Cup opens, examines harvest-now-decrypt-later risk in mandatory medical, cardiac, and identity data collected across 211 FIFA member associations.
Qtonic Quantum Corp today published a public research report examining harvest-now-decrypt-later exposure in global football, with a focus on mandatory medical, cardiac, and identity data collected across FIFA’s global competition and registration environment.
The 30-page report, prepared by the Qtonic Quantum Research Team, was released on the opening day of the 2026 FIFA World Cup. The tournament is expected to generate one of the most concentrated bursts of cross-border medical and registration-related data transfers in the sport’s calendar.
The report analyzes why this category of football data presents a different risk profile from ordinary enterprise data. A compromised password can be rotated. A compromised payment card can be reissued. A decrypted cardiac record, medical history record, or biometric identity element cannot be changed after exposure.
The report is a structural risk analysis based entirely on public sources. It does not allege any breach. It does not claim that any harvest-now-decrypt-later operation is targeting football data. It makes no claim about FIFA’s internal security planning. As stated on the report cover, the report does not claim to know whether FIFA has a post-quantum plan.
The analysis concludes that the risk is material, time-sensitive, and difficult to remedy after encrypted traffic has been harvested.
“Global football presents a rare combination of mandatory medical screening, identity concentration, cross-border data movement, and lifetime-sensitive records,” the report states. “The issue is not only when quantum decryption becomes practical. The issue is whether encrypted traffic collected today remains sensitive when that capability arrives.”
According to the report, FIFA has mandated pre-competition medical assessment for its competitions since 2010. Identity and registration records for players across all 211 FIFA member associations are concentrated through FIFA Connect, while medical disclosures move across borders through transfer and competition systems.
The report also examines how harvested encrypted traffic can retain value for decades. A player screened at age 22 in 2024 will be 58 in 2060, when cardiac, medical, and identity data may still remain sensitive.
The report reviews published quantum-cryptanalysis estimates and notes that resource estimates have moved sharply downward within each problem class. A peer-reviewed 2019 estimate put a quantum attack on RSA-2048 at roughly 20 million physical qubits. A 2025 update by the same author placed the estimate under one million physical qubits.
For elliptic-curve cryptography, the family of algorithms protecting much of today’s encrypted web traffic, March 2026 preprints pending peer review place plausible attacks below half a million qubits and, under one aggressive neutral-atom architecture, in the tens of thousands. The report states that its thesis does not depend on the newest preprint figures. It rests on the peer-reviewed baseline, the direction of the research, and the lifetime sensitivity of the data.
The report also cites draft NIST guidance targeting deprecation of current public-key algorithms for United States federal systems around 2030, along with Google’s stated 2029 internal migration deadline. Enterprise migrations of this kind often require multiple years of inventory, testing, sequencing, and deployment.
The Qtonic Quantum Research Team also identifies a political-exposure dimension that is unusual in sport. Professional footballers whose data is collected during playing careers can later enter public life, including at head-of-state level. The report cites George Weah, FIFA World Player of the Year in 1995 and President of Liberia from 2018 to 2024, as one documented example. The report makes no statement about any named individual’s data.
To the Qtonic Quantum Research Team’s knowledge, and within a disclosed search methodology re-run on the date of publication, no major football governing body has publicly announced a post-quantum migration program. The report does not claim to know whether any football governing body has internal or unpublished post-quantum activity underway.
The report assigns a qualitative HNDL Risk Rating of Critical and recommends a cryptographic inventory as the first concrete step. That inventory would map where cardiac, medical, and identity data is stored, how it is encrypted, and which algorithms are in use.
“Athletes and their managers should have an expectation that their personal and biometric data is treated with care. ‘Harvest now, decrypt later’ means they are already facing this issue,” said Richard H. “Rick” Ledgett, Jr., former Deputy Director and Chief Operating Officer of the National Security Agency, now a national security expert with Qtonic Quantum Corp.
“FIFA athletes and members deserve the highest level of personal data protection. The risks are growing, and quantum readiness can no longer wait. The time to act is now,” said Dr. Shue-Jane L. Thompson, an enterprise security expert with Qtonic Quantum Corp and former Global Managing Partner at IBM Consulting.
The full report is available at qtonicquantum.com/fifa.
Notes to editors
The report runs 30 pages and includes its search methodology, a three-tier evidence classification applied to every claim, source documentation, and an appendix stating the specific conditions under which its thesis would weaken.
The search methodology behind the “no public announcement” finding is disclosed in full in Appendix B. It was re-run and timestamped on the morning of publication. Independent replication is invited.
Factual errors identified after publication will be corrected in subsequent versions and noted.
A four-panel summary graphic, “The Risk in Four Views,” is available for editorial use on request.
The report names individuals solely as publicly documented examples of athletes who later entered public life and makes no statement about any individual’s data or risk.
About Qtonic Quantum Corp
Qtonic Quantum Corp provides quantum risk and vulnerability intelligence to enterprises and governments, including cryptographic discovery, forward-threat validation on real quantum hardware, and post-quantum migration support.
The company is headquartered in Miami, Florida, with research and development operations in Be’er Sheva, Israel.
Post-Quantum Ready. Continuously.
Qtonic Quantum Corp offers commercial services in the field addressed by this report. The report discloses that interest.
Media contact
Qtonic Quantum Research Team
info@qtonicquantum.com
Qtonic Quantum Corp today published a public research report examining harvest-now-decrypt-later exposure in global football, with a focus on mandatory medical, cardiac, and identity data collected across FIFA’s global competition and registration environment.
The 30-page report, prepared by the Qtonic Quantum Research Team, was released on the opening day of the 2026 FIFA World Cup. The tournament is expected to generate one of the most concentrated bursts of cross-border medical and registration-related data transfers in the sport’s calendar.
The report analyzes why this category of football data presents a different risk profile from ordinary enterprise data. A compromised password can be rotated. A compromised payment card can be reissued. A decrypted cardiac record, medical history record, or biometric identity element cannot be changed after exposure.
The report is a structural risk analysis based entirely on public sources. It does not allege any breach. It does not claim that any harvest-now-decrypt-later operation is targeting football data. It makes no claim about FIFA’s internal security planning. As stated on the report cover, the report does not claim to know whether FIFA has a post-quantum plan.
The analysis concludes that the risk is material, time-sensitive, and difficult to remedy after encrypted traffic has been harvested.
“Global football presents a rare combination of mandatory medical screening, identity concentration, cross-border data movement, and lifetime-sensitive records,” the report states. “The issue is not only when quantum decryption becomes practical. The issue is whether encrypted traffic collected today remains sensitive when that capability arrives.”
According to the report, FIFA has mandated pre-competition medical assessment for its competitions since 2010. Identity and registration records for players across all 211 FIFA member associations are concentrated through FIFA Connect, while medical disclosures move across borders through transfer and competition systems.
The report also examines how harvested encrypted traffic can retain value for decades. A player screened at age 22 in 2024 will be 58 in 2060, when cardiac, medical, and identity data may still remain sensitive.
The report reviews published quantum-cryptanalysis estimates and notes that resource estimates have moved sharply downward within each problem class. A peer-reviewed 2019 estimate put a quantum attack on RSA-2048 at roughly 20 million physical qubits. A 2025 update by the same author placed the estimate under one million physical qubits.
For elliptic-curve cryptography, the family of algorithms protecting much of today’s encrypted web traffic, March 2026 preprints pending peer review place plausible attacks below half a million qubits and, under one aggressive neutral-atom architecture, in the tens of thousands. The report states that its thesis does not depend on the newest preprint figures. It rests on the peer-reviewed baseline, the direction of the research, and the lifetime sensitivity of the data.
The report also cites draft NIST guidance targeting deprecation of current public-key algorithms for United States federal systems around 2030, along with Google’s stated 2029 internal migration deadline. Enterprise migrations of this kind often require multiple years of inventory, testing, sequencing, and deployment.
The Qtonic Quantum Research Team also identifies a political-exposure dimension that is unusual in sport. Professional footballers whose data is collected during playing careers can later enter public life, including at head-of-state level. The report cites George Weah, FIFA World Player of the Year in 1995 and President of Liberia from 2018 to 2024, as one documented example. The report makes no statement about any named individual’s data.
To the Qtonic Quantum Research Team’s knowledge, and within a disclosed search methodology re-run on the date of publication, no major football governing body has publicly announced a post-quantum migration program. The report does not claim to know whether any football governing body has internal or unpublished post-quantum activity underway.
The report assigns a qualitative HNDL Risk Rating of Critical and recommends a cryptographic inventory as the first concrete step. That inventory would map where cardiac, medical, and identity data is stored, how it is encrypted, and which algorithms are in use.
“Athletes and their managers should have an expectation that their personal and biometric data is treated with care. ‘Harvest now, decrypt later’ means they are already facing this issue,” said Richard H. “Rick” Ledgett, Jr., former Deputy Director and Chief Operating Officer of the National Security Agency, now a national security expert with Qtonic Quantum Corp.
“FIFA athletes and members deserve the highest level of personal data protection. The risks are growing, and quantum readiness can no longer wait. The time to act is now,” said Dr. Shue-Jane L. Thompson, an enterprise security expert with Qtonic Quantum Corp and former Global Managing Partner at IBM Consulting.
The full report is available at qtonicquantum.com/fifa.
Notes to editors
The report runs 30 pages and includes its search methodology, a three-tier evidence classification applied to every claim, source documentation, and an appendix stating the specific conditions under which its thesis would weaken.
The search methodology behind the “no public announcement” finding is disclosed in full in Appendix B. It was re-run and timestamped on the morning of publication. Independent replication is invited.
Factual errors identified after publication will be corrected in subsequent versions and noted.
A four-panel summary graphic, “The Risk in Four Views,” is available for editorial use on request.
The report names individuals solely as publicly documented examples of athletes who later entered public life and makes no statement about any individual’s data or risk.
About Qtonic Quantum Corp
Qtonic Quantum Corp provides quantum risk and vulnerability intelligence to enterprises and governments, including cryptographic discovery, forward-threat validation on real quantum hardware, and post-quantum migration support.
The company is headquartered in Miami, Florida, with research and development operations in Be’er Sheva, Israel.
Post-Quantum Ready. Continuously.
Qtonic Quantum Corp offers commercial services in the field addressed by this report. The report discloses that interest.
Media contact
Qtonic Quantum Research Team
info@qtonicquantum.com
Contact
Qtonic Quantum Corp
Jessica Gold
1 866 4 QTONIC
www.qtonicquantum.com
Jessica Gold
1 866 4 QTONIC
www.qtonicquantum.com
Contact
Multimedia
Resource Estimates by Problem Class
Graphic summarizing published quantum resource estimates by problem class and showing the downward movement in estimated physical qubit requirements for attacks on current public-key cryptography.
The Exposure Window
Graphic showing how long-lived football medical and identity data can remain sensitive for decades, while quantum migration timelines and harvest-now-decrypt-later exposure create a shrinking window to act.
Time to Remediate After Compromise
Graphic comparing remediation timelines after different types of compromise, showing why exposed medical, biometric, and identity data can create long-term risk that cannot simply be rotated or reissued.
Public PQC Migration Posture by Sector
Graphic comparing public post-quantum migration signals across major sectors, showing that football governing bodies have not yet made a comparable public migration announcement.
Categories