The Nationwide Affiliation for Inventory Automobile Auto Racing (NASCAR) is notifying an unknown variety of people that their private info was stolen in an April 2025 cyberattack.
The incident, the corporate says, was recognized on April 3 and concerned unauthorized entry to programs on its community.
NASCAR instantly activated its response plan, retained a cybersecurity agency to assist it examine, and notified regulation enforcement.
The investigation decided that hackers had entry to NASCAR’s community between March 31 and April 3, 2025, and that they exfiltrated information containing private info, together with names and Social Safety numbers.
The affected people are supplied with one or two years of free credit score and identification monitoring providers, the corporate notes in regulatory filings with the Maine, Massachusetts, and New Hampshire Legal professional Basic’s Workplaces.
NASCAR additionally mentioned it started sending written notification letters to the impacted people, to tell them of the incident, however didn’t share particulars on the variety of impacted people, nor on the kind of cyberattack it fell sufferer to.
In April, nevertheless, the Medusa ransomware group added NASCAR to its Tor-based leak website, claiming the theft of roughly 1 terabyte of information and demanding a $4 million ransom for the return of the stolen info.
NASCAR has not confirmed the attackers’ claims. SecurityWeek has emailed the corporate for a press release on the matter and can replace this text if it responds.Commercial. Scroll to proceed studying.
Based in 1948, NASCAR is a personal firm that owns 14 main racing venues, oversees inventory automobile racing within the US, and runs three racing collection.
Associated: Allianz Life Knowledge Breach Impacts Most of 1.4 Million US Clients
Associated: Advertising and marketing, Regulation Companies Say Knowledge Breaches Influence Over 200,000 Folks
Associated: Qantas Confirms 5.7 Million Impacted by Knowledge Breach
Associated: Nippon Metal Subsidiary Blames Knowledge Breach on Zero-Day Assault
