The National Basketball Association has alerted its fans of the recent data breach that it has suffered, which exposed a lot of personal information. The data acquired may be used to conduct phishing attacks on the affected individuals.
NBA Data Breach
The personal data exposed was said to be held by a third-party newsletter service. It was not disclosed how many fans were affected by the cyber attack. The NBA claims in the Notice of Cybersecurity Incident that its systems were not breached.
The association announced that they were made aware of an unauthorized third party that accessed and created copies of names and email addresses. Information like usernames, passwords, and other information was not impacted, according to Bleeping Computer.
Despite the fans' credentials not being affected by the attack, the threat actor managed to get a hold of some of their information. The NBA has already hired an external cybersecurity service to resolve the issue and is working with a third-party service provider for the investigation.
Although the data stolen was limited, it is enough for threat actors to perform phishing attacks and other scams. The association urged fans to be cautious when opening suspicious emails or communication that only appear to be from the NBA or its partners.
To make sure that fans will not fall for phishing attempts, the NBA clarified that they will never ask fans for their account information, usernames, or passwords through their emails. Another indication that the email is legitimate is if the email address ends in "@nba.com."
Fans should also make sure that if they do receive emails with attachments that have links that lead to another website, they should verify it first before opening since it could lead them to a malicious website instead.
Read Also: AT&T Confirms Data Breach of 9 Million Customers via Hacked Marketing Vendor
Previous NBA-Related Cyber Attack
Back in April 2021, the NBA team Houston Rockets also suffered a cyber attack, wherein the threat actor attempted to install malware on the franchise's computer systems. However, the attempts failed and the hacker did not breach their systems.
The basketball team hired cybersecurity experts to look into the attack as they worked with the Federal Bureau of Investigation as well. Rockets spokesperson Tracey Hughes said that the organization detected suspicious activity on certain systems in its internal network.
The malware did not inflict any damage due to the cyber defenses that were already in place prior to the attack. The NBA team said that a few systems were affected but it did not affect their operations, as mentioned in Infosecurity Magazine.
Contrary to what the basketball organization said, a ransomware group claimed responsibility for the attack and said that they had 500 GB worth of data, which includes financial information, non-disclosure agreements, and team contracts.
The hacker group also threatened the Houston Rockets that they will keep the data if they did not pay a ransom. The threat actors updated the post and changed the threat to publication of the data should the team refuse to pay.
Related: Acer Confirms Theft of 160GB of Data Following Data Breach - Are Customers Safe?
