The San Francisco 49ers will notify more than 20,000 Americans that online attackers likely stole their name and Social Security number in a February network security incident. The gridiron team is among the world’s most valuable sports franchises with a net worth estimated by Forbes to be $3.8 billion.
Letters being sent to 20,930 individuals reveal few details about the incident, other than that the team engaged an outside cybersecurity firm. The company says it is taking steps to ensure future incidents that include “measures to further enhance our security protocols and continued education and training to our employees.”
A 49ers spokesman tells Information Security Media Group the company regrets the incident. “We take seriously our responsibility to safeguard personal and sensitive information entrusted to us and are committed to working with cybersecurity experts to ensure we are protected from any future similar incidents,” says Jacob Fill.
He did not respond when asked to confirm the incident involved ransomware. The 49ers are offering affected individuals a year’s worth of credit monitoring and identity theft protection services.
Cisco Talos Intelligence Group considers BlackByte to be a “big game ransomware group” whose malware is used to go after moneyed, high-profile targets.