A company that provides software for sports leagues to manage referees and game officials has disclosed a security incident that impacted around 540,000 of its registered members — consisting of referees, league officials, and school representatives.
ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year.
In a data breach notification letter filed with multiple states across the US [1, 2], the company said that despite detecting and blocking the hackers from encrypting its files, the intruders managed to steal a copy of its backups.
This backup contained data from ArbiterGame, ArbiterOne, and ArbiterWorks — three of the web applications used by schools and sports leagues to assign and manage the schedules and training programs of referees and game officials.
ArbiterSports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers.
"The passwords and Social Security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data," the company said.
ArbiterSports said that after blocking the attempt to encrypt its local data, the hackers reached out and demanded payment in exchange for deleting the files that they obtained.
The company said it paid the ransom demand and "obtained confirmation that the unauthorized party deleted the files."
However, there is no guarantee that the hackers haven't made a copy of the data before deleting ArbiterSport's data. Sources in the incident response (IR) community have told ZDNet about cases where ransomware gangs did not delete the data.
An ArbiterSports spokesperson was not immediately available for additional comments, despite repeated attempts.
The ArbiterSports incident is reminiscent of a similar incident disclosed by Blackbaud, a provider of cloud-based software to universities and non-profits. Blackbaud also avoided having its files encrypted, but eventually had to pay hackers to delete files they stole before being detected.
The Blackbaud incident triggered a wave of second-hand breach notifications from universities, schools, and colleges all over the world, all who had to inform their own customers of the incident.
tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im
مقالات مشابه
- Dont Waste Time! Six Facts Until You Reach Your Building My Makeup Brand
- شرکت صادرات و واردات کالاهای مختلف از جمله کاشی و سرامیک و ارائه دهنده خدمات ترانزیت و بارگیری دریایی و ریلی و ترخیص کالا برای کشورهای مختلف از جمله روسیه و کشورهای حوزه cis و سایر نقاط جهان - بازرگانی علی قانعی
- iOS 14 برای اولین بار: اپل راه اندازی یک آی فون جدید با صفحه نمایش, سیری, ویدجت, تصویر در تصویر, تصویری, پشت ضربه بزنید و بیشتر - CNET
- چهار توضیح چرا فیسبوک برای برج خنک کننده بدترین انتخاب است
- واقعاً با شیلنگ چه اتفاقی میافتد
- Facebook می گوید: 5,000 توسعه دهندگان نرم افزار رو اطلاعات کاربر پس از تاریخ قطع
- IDC رئیس جمهور: 5 مرحله از COVID-19 همه گیر enterprise بازیابی
- چین به تازگی راه اندازی نهایی آن ماهواره برای تکمیل نسخه خود را از GPS - CNET
- شرکت صادرات و واردات کالاهای مختلف از جمله کاشی و سرامیک و ارائه دهنده خدمات ترانزیت و بارگیری دریایی و ریلی و ترخیص کالا برای کشورهای مختلف از جمله روسیه و کشورهای حوزه cis و سایر نقاط جهان - بازرگانی علی قانعی
- چگونه 8 چیز روش شما را تغییر خواهد داد نحوه خرید فالوور اینستاگرام