The NBA has warned of a data breach that led to some personal data being stolen.
2The NBA has already sent emails to those affected (Image credits: Unsplash)
LOOK AT THE GALLERY – 2 IMAGES
That personal data was stolen by what is described as a third-party newsletter service. The affected individuals have reportedly been contacted by the NBA and notified of the breach, and that some personal information has been leaked, including names and email addresses.
However, the NBA has made it clear that their systems have not been hacked and that usernames, passwords and the like have not been compromised.
The NBA released a statement to information security website Bleeping Computer to confirm that:
“We were recently notified that an unauthorized third party gained access to an NBA service provider’s IT systems for mobile apps and email communications.”
“As a result, copies of the names and email addresses of some NBA fans have been captured. There is no impact to NBA systems or assets held securely at the NBA. The league took immediate action to contain the issue, identify affected individuals, and communicate potential risks and next steps.”
We were told that the NBA is now investigating the issue and has brought in cybersecurity experts to look into the incident thoroughly and assess the extent of the damage.
What is quite clear is that the attackers, having obtained email addresses and names, could be aiming to concoct some phishing scam and could even claim to be the NBA when they contact those who have had their data spilled in this breach.
In short, beware of scam emails along these lines, and indeed this goes for any circumstance and any organization, really, not just the NBA.
Cybercriminals often try to impersonate official bodies (such as the IRS, for example) or companies, sending what appear to be matters that need to be addressed urgently in the hope that the hapless recipient of the message will act fast and not check the details. of the message correctly. (For example, the domain from which the message was sent, which is often a freebie, and a slightly incorrect or altered version of the real domain).
