NBA

The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen.

The NBA is a global sports and media organization that manages five professional sports leagues, including the NBA, WNBA, Basketball Africa League, NBA G League, and NBA 2K League.

NBA programming and games are broadcast worldwide, in over 215 countries and territories, spanning over 50 languages.

In "Notice of Cybersecurity Incident" emails sent to an unknown number of fans, the NBA says its systems were not breached, and the affected fans' credentials were not impacted in this incident. However, some fans' personal information was stolen.

"We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA," the NBA says.

"There is no indication that our systems, your username, password, or any other information you have shared with us have been impacted."

After being informed of the incident, the NBA is working with the third-party service provider as part of an ongoing investigation and has hired external cybersecurity experts to analyze the scope of the impact.

Fans warned to watch out for phishing attacks

The NBA also warned that, due to the sensitive nature of the data involved, there is an increased likelihood that the affected individuals might be targeted in phishing attacks and various scams.

Affected fans were strongly encouraged to remain vigilant when opening suspicious emails or communications that may seem to originate from the NBA or its partners.

"Given the nature of the information, there may be heightened risk of you receiving 'phishing' emails from email accounts appearing to be affiliated with the NBA, or of being targeted by other so-called 'social engineering' attacks (where an individual seeks to trick the target into sharing confidential information or otherwise taking actions contrary to his or her own interest)," the NBA said.

The notification emails add that the NBA will never request the fans' account information, including usernames or passwords, via email.

Affected fans are also advised to verify that received emails are sent from a legitimate "@nba.com" email address, to check that embedded links point to a trusted website, and to never open email attachments they don't expect to receive.
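The three checks in the advice above (sender domain, link targets, unexpected attachments), written as mail-triage code. This is an added example, not part of the NBA notice or the article; the names `triage`, `in_domain` and `sample`, the constructed messages, and the choice to accept subdomains of nba.com are assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "nba.com"  # domain named in the notice; accepting its subdomains is an assumption
def in_domain(host, domain=TRUSTED):
    # Exact or dot-delimited suffix match, so "nba.com.mailer.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    """Return findings for the three checks: sender, link hosts, attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not in_domain(sender):
        findings.append(f"sender:{sender}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = Links()
        parser.feed(body.get_content())
        # urlsplit resolves "https://nba.com@login.example/" to host login.example.
        hosts = [urlsplit(h).hostname or "" for h in parser.hrefs]
        findings += [f"link:{h}" for h in hosts if not in_domain(h)]
    findings += [f"attachment:{p.get_filename()}" for p in msg.iter_attachments()]
    return findings

def sample(sender, html, attachment=None):
    # Constructed test message; addresses and hosts are made up (.example is reserved).
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "fan@example.org", "Account notice"
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()

GOOD = sample("NBA <news@nba.com>", '<a href="https://www.nba.com/account">Account</a>')
BAD = sample("NBA <news@nba.com.mailer.example>",
             '<a href="https://nba.com@login.example/reset">nba.com</a>', "form.zip")
```

A `From` header can be forged, so a passing sender check carries weight only when the message also passes SPF, DKIM and DMARC validation at the receiving mail server.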

 

"We were recently made aware that an unauthorized third party gained access to the IT systems of an NBA service provider for mobile app and email communications," an NBA spokesperson told BleepingComputer.

"As a result, copies of names and email addresses of some NBA fans were captured. There is no impact whatsoever to the NBA's systems or to the assets held securely at the NBA. The league immediately took action to contain the issue, identify those impacted and communicate potential risks and next steps."

Update: Added NBA statement.
