The NBA has warned of a data breach that has resulted in the theft of some personal information.
2The NBA has already sent out emails to those affected (Image credit: Unsplash)
VIEW GALLERY – 2 PICTURES
This personal data was stolen from a third-party newsletter service. Those affected have reportedly been contacted by the NBA and informed of the breach, and that some personal information, including names and email addresses, has been leaked.
However, the NBA made it clear that their own systems were not hacked and that usernames, passwords and the like were not compromised.
The NBA issued a statement to information security website Bleeping Computer to confirm the following:
“We were recently made aware that an unauthorized third party had gained access to the IT systems of an NBA service provider for mobile app and email communication.”
“As a result, copies of the names and email addresses of some NBA fans were collected. There will be no impact to the NBA’s systems or to the assets held securely by the NBA. The league took immediate action to contain the issue and identify those affected and communicate potential risks and next steps.”
We are told that the NBA is now investigating the issue and has brought in cybersecurity experts to thoroughly investigate the incident and assess the extent of the damage.
What is clear enough is that, after obtaining email addresses and names, the attackers could potentially aim to hatch a phishing scam and even pretend to be the NBA when contacting those whose details are involved in this breach were spilled.
In short, beware of scam emails along these lines, and indeed this applies to all circumstances and organizations, not just the NBA.
Cyber criminals often try to pose as official bodies (such as the IRS) or companies by sending things that appear to need urgent attention, hoping that the unfortunate recipient of the message may act hastily and not verify the details message correct. (For example, the domain the message was sent from, which is often a giveaway, and a slightly misspelled or altered version of the real domain).
