A company that provides software for sports leagues to manage referees and game officials has disclosed a security incident that impacted around 540,000 of its registered members — consisting of referees, league officials, and school representatives.
ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year.
In a data breach notification letter filed with multiple states across the US [1, 2], the company said that despite detecting and blocking the hackers from encrypting its files, the intruders managed to steal a copy of its backups.
This backup contained data from ArbiterGame, ArbiterOne, and ArbiterWorks — three of the web applications used by schools and sports leagues to assign and manage the schedules and training programs of referees and game officials.
ArbiterSports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers.
"The passwords and Social Security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data," the company said.
ArbiterSports said that after blocking the attempt to encrypt its local data, the hackers reached out and demanded payment in exchange for deleting the files that they obtained.
The company said it paid the ransom demand and "obtained confirmation that the unauthorized party deleted the files."
However, there is no guarantee that the hackers haven't made a copy of the data before deleting ArbiterSport's data. Sources in the incident response (IR) community have told ZDNet about cases where ransomware gangs did not delete the data.
An ArbiterSports spokesperson was not immediately available for additional comments, despite repeated attempts.
The ArbiterSports incident is reminiscent of a similar incident disclosed by Blackbaud, a provider of cloud-based software to universities and non-profits. Blackbaud also avoided having its files encrypted, but eventually had to pay hackers to delete files they stole before being detected.
The Blackbaud incident triggered a wave of second-hand breach notifications from universities, schools, and colleges all over the world, all who had to inform their own customers of the incident.
tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im
مقالات مشابه
- فیزیوتراپی در اهواز - تسکین
- اجی مجی بهترین راهکار آموزش دروس ابتدایی در دوران کرونا
- یکی از مواد غذایی شما باید هرگز غذا خوردن در صبح به دلیل آن را به آرامی از بین می برد و سوخت و ساز بدن شما
- Emmys 2020: From Watchmen to Schitt's Creek, the full list of winners - CNET
- کفش بالنسیاگا - آفلند
- بانک مرکزی استرالیا کمک به سازمان های دسترسی جدید پرداخت ویژگی های
- وام های حرفه ای: چرا باید به آنها اعتماد کنیم؟
- 2020 Maserati Quattroporte به نظر می رسد به عنوان با شکوه آن را به عنوان سواری - Roadshow
- PropertyGuru secures $220M in latest funding
- شرکت صادرات و واردات کالاهای مختلف از جمله کاشی و سرامیک و ارائه دهنده خدمات ترانزیت و بارگیری دریایی و ریلی و ترخیص کالا برای کشورهای مختلف از جمله روسیه و کشورهای حوزه cis و سایر نقاط جهان - بازرگانی علی قانعی