A notice of a cybersecurity incident has been sent to all NBA (National Basketball Association) fans after the company detected a breach in their third-party newsletter service where customers’ data is stored.
The National Basketball Association is a premier basketball league based in the US and Canada, comprising 30 professional teams in the sport. With the organisation’s gained recognition worldwide, it is probable that threat actors would also target them to be able to steal millions of fans’ data for cybercrime schemes.
According to the notice, some personal information owned by the NBA fans was stolen in the incident, although there is no indication that more critical credentials had been compromised, such as account usernames and passwords.
The unauthorised entity that broke into NBA’s systems obtained a copy of the fans’ full names and email addresses. Nonetheless, these are the only data said to have been collected by the threat actors.
The compromised network was a third-party service provider helping NBA communicate with fans through email.
Although unspecified, NBA’s affected third-party service provider has already been working with the company in an ongoing investigation. External cybersecurity professionals have also been hired to aid with assessing the data breach incident’s scope and impact.
NBA said that despite the limited data compromised in the cyberattack, fans must still be cautious about potential threats from malicious actors. These cybercriminals can use the stolen information from NBA fans for fraudulent activities, such as identity theft or phishing campaigns.
Moreover, phishing actors can use NBA’s name or partners to trick people into giving away sensitive information. Thus, the company reminded people that their organisation would never ask for account credentials via emails or text messages, such as usernames or passwords.
For people receiving emails they deem suspicious, it is strongly recommended that they first check if it is sent from the legitimate “@nba.com” email address. Ultimately, people must refrain from opening or interacting with attachments in these suspicious emails as they might contain malware or redirect them to attacker-controlled websites.
