NASCAR warned clients this week of a knowledge breach brought on by a cyberattack in March.
The incident uncovered the Social Safety numbers of an unknown variety of victims. In filings with regulators in Maine, New Hampshire and Massachusetts, the corporate declined to say how many individuals had been affected.
NASCAR, an acronym for the Nationwide Affiliation for Inventory Automotive Racing, mentioned its IT workforce recognized a cyberattack on April 3 and commenced an investigation.
Regulation enforcement was notified and a cybersecurity agency was employed to look into the assault.
“The investigation decided that the unauthorized actor acquired sure recordsdata on the Firm’s community between March 31 and April 3, 2025,” NASCAR mentioned.
In late June, the corporate decided that Social Safety numbers had been uncovered.
Based in 1948, the Daytona Seaside-based firm operates as an auto racing sanctioning physique that organizes greater than 1,500 races throughout the U.S. annually.
Breach notification letters had been despatched out to victims on July 24, and victims are being given one 12 months of credit score monitoring providers.
NASCAR didn’t reply to requests for remark in April when the Medusa ransomware gang added the corporate to its leak web site and demanded a $4 million ransom. The corporate additionally didn’t reply to inquiries on Friday.
Medusa claimed to have exfiltrated gigabytes of firm information and set a deadline of April 19 for ransom cost. It’s unclear if the information was revealed.
In March, the FBI and different U.S. companies warned that Medusa was behind greater than 300 cyberattacks on crucial infrastructure organizations.
For greater than 4 years, the group has terrorized governments and firms — gaining notoriety for an attack on Minneapolis Public Schools that uncovered troves of delicate scholar paperwork impacting greater than 100,000 folks.
Along with assaults on the Pacific island nation of Tonga, it has focused municipalities in France and government agencies in the Philippines, in addition to a know-how firm created by two of Canada’s largest banks.
Rebecca Moody, head of information analysis on the cybersecurity agency Comparitech, mentioned Medusa is among the many prime 10 most prolific ransomware strains this 12 months to this point, with 106 assaults claimed and 19 which have been confirmed.
The group’s assault on Bell Ambulance affecting greater than 100,000 folks is certainly one of this 12 months’s largest information breaches, she mentioned.
Recorded Future
Intelligence Cloud.
