[BreachExchange] Indiana Pacers disclose security breach
Destry Winant
destry at riskbasedsecurity.com
Tue May 14 09:11:10 EDT 2019
https://www.zdnet.com/article/indiana-pacers-disclose-security-breach/
Pacers Sports & Entertainment (PSE), the legal entity behind the
Indiana Pacers and the Indiana Fever NBA and WNBA basketball teams,
respectively, announced a security breach on Friday during which
hackers gained access to sensitive user information.
In a press release published yesterday, the company blamed the breach
on a phishing campaign during which hackers managed to gain access to
several PSE employee accounts.
It said hackers had access to these accounts between October 15, 2018,
and December 4, 2018.
PSE is notifying customers now, but the company said it learned of the
breach way back last year, on November 16, leaving many to ask
themselves: What took so long?
"After a thorough review of these email accounts, PSE determined that
a limited number of personal records were present in the affected
emails," the company said.
Exposed information ranges wildly, and PSE said it might include name,
address, date of birth, passport number, medical and/or health
insurance information, driver's license/state identification number,
account number, credit/debit card number, digital signature, username
and password, and in some cases even Social Security numbers.
IS IT EMPLOYEE OR CUSTOMER DATA?
As DataBreaches.net pointed out, PSE did not mention if this data
belongs to PSE employees or PSE customers -- such as those who
registered for the Pacers online shop to buy gear and memorabilia.
By the wide range of exposed information, at first sight, it may
appear that it's both -- although, ZDNet reached out to PSE via email
earlier today to clarify this issue in the company's confusing breach
disclosure.
A phone number that potential victims can call and get more
information about the incident and see if they are impacted is
available on the Pacers website.
PSE also published information on how impacted individuals can protect
themselves against fraud and identity theft. The company said it did
not receive any reports that personal data has been misused.
More information about the BreachExchange
mailing list