The personal information of 540,000 sports referees, league officials, and school representatives has been compromised following a ransomware attack targeting a software vendor for the athletics industry.
ArbiterSports, a software provider for several sports leagues including the NCAA, announced that it had averted a ransomware attack in July 2020, but despite blocking the attempt to encrypt their systems, the company discovered that a database backup had been accessed prior to the attack.
In their breach notifications filed with California and Iowa, ArbiterSports indicated they had paid the hackers to obtain “confirmation that the unauthorized party deleted the files.”
The data acquired and accessed contained a trove of valuable personal information, including usernames, passwords, names, addresses, birthdates, email addresses, and Social Security numbers.
“The passwords and Social Security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data,” ArbiterSports announced.
In its breach notification to affected customers, ArbiterSports is offering one free year of identity theft protection and is asking users to reset passwords. The company has declined to comment on the incident outside of its initial statement.