NBA warns supporters of a data breach that exposed personal data
Following the theft of some of the supporter’s personal data from a third-party newsletter service, the NBA (National Basketball Association) is notifying fans of a data breach.
Five professional sports leagues, including the NBA, WNBA, Basketball Africa League, NBA G League, and NBA 2K League, are managed by the NBA, a multi-national sports and media corporation.
NBA shows and games are aired internationally in more than 215 nations and territories and in more than 50 different languages. NBA claims that its systems were not compromised and that the affected fans access credentials were not impacted in “Notice of Cybersecurity Incident” emails sent to an undetermined number of fans. Personal data from certain fans, however, was taken.
“We just learned that an unauthorized third party received a copy of your name and email address, which was maintained by a third-party service provider that helps us interact via email with fans who have volunteered this information with the NBA,” the NBA states.
No evidence has been found to suggest that our systems, your username, password, or any other information you have shared with us have been impacted.
The NBA has hired the assistance of outside cybersecurity specialists to assess the extent of the effect and is collaborating with the third-party service provider as part of an ongoing investigation after the incident came to light.
Warning issued to fans about phishing scams
Due to the sensitive nature of the data involved, the NBA also cautioned that there is a higher risk that the impacted persons may be the subject of phishing attacks and other scams. Concerned fans were strongly advised to exercise caution when opening shady emails or other correspondence that might appear to come from the NBA or its partners.
According to the NBA, “Given the nature of the information, there may be a heightened risk of you receiving phishing emails from email accounts purporting to be affiliated with the NBA, or of being targeted by other so-called “social engineering” attacks (where a person attempts to trick the target into sharing confidential information or taking other actions against his or her own interests)”.
The reminder emails also state that the NBA would never email fans to solicit their account information, such as usernames or passwords. Concerned fans are also urged to make sure that emails they receive are coming from a reputable “@nba.com” email address, to double-check that embedded links lead to reliable websites, and to never open email attachments they didn’t expect to get.
Author: Sayyam Gangwal