The American football team was hit by a BlackByte ransomware gang in February. Now, it says hackers stole personal information of over 20,000 Americans.
The San Francisco football team said 20,930 individuals were affected by a security incident this February. The data breach occurred between February 6 and February 11. Name or other personal identifiers in combination with Social Security numbers were stolen.
In September, 49ers started emailing customers, confirming the data breach.
“We are writing to notify you of a cybersecurity incident involving some of your data. [...] We take this situation seriously and sincerely regret any concern that this may cause,” the letter reads.
Cybernews internal intel shows that ransomware gang BlackByte was behind the February breach. According to cybersecurity company Trend Micro, BlackByte is a ransomware group that has been building a name for itself since 2021. It had already gone after at least three US critical infrastructure sectors (government facilities, financial, and food and agriculture.)
At the time when threat actors were roaming inside the National Football League member’s IT environment, the FBI and Secret Service released an advisory to be on the lookout for BlackByte.
“Some victims reported the actors used a known Microsoft Exchange Server vulnerability as a means of gaining access to their networks. Once in, actors deploy tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files,” the advisory said.
49ers offer identity theft protection services through a complimentary one-year membership in Experian’s IdentityWorks Credit 3B.
“We recommend that you remain vigilant to the possibility of fraud by reviewing your financial account statements. You should immediately report any suspicious activity to your financial institution,” the team said.
More from Cybernews:
Subscribe to our newsletter