NFL’s San Francisco 49ers are mailing notification letters confirming a data breach affecting more than 20,000 individuals following a ransomware attack that hit its network earlier this year.
The San Francisco Bay Area professional American football team confirmed that personal information (including names and Social Security numbers) belonging to 20,930 impacted individuals was accessed and/or stolen in the attack between February 6 and February 11, 2022.
“The 49ers conducted a thorough review of these files to identify the individuals whose information was contained in the files, and additional research to locate and verify the addresses for these individuals,” the team revealed in notification letters sent to affected individuals starting Thursday.
“The 49ers completed this process on August 9, 2022, and discovered that the incident involved the name and Social Security number of seven Maine residents.”
At the time, the 49ers confirmed the incident in a statement to BleepingComputer, saying it caused a temporary disruption to portions of their IT network.
While the football team did not reveal whether the attackers successfully deployed ransomware payloads, the statement said they are still restoring systems, indicating that the breached devices were also likely encrypted.
“As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible,” the 49ers told BleepingComputer.
Attack claimed by the Blackbyte ransomware gang
The BlackByte gang claimed responsibility for the attack on February 12, right as the NFL was getting ready for Super Bowl 2022, by starting to leak files claimed were stolen from the 49ers’ network.
The ransomware group also leaked an archive containing 292 MB worth of files the gang said were invoices stolen from 49ers’ compromised servers.
Although it is unknown how much data was stolen during the February attack, BlackByte is known for selling gigabytes of data from some of its previous victims.
The BlackByte ransomware operation was launched in July 2021 when it started targeting corporate entities worldwide.
“We notified law enforcement and are fully supporting their investigation,” the 49ers added in the data breach notification letters.
“We are also taking steps to help prevent something like this from occurring again, including additional measures to further enhance our security protocols and continued education and training to our employees.”
