The Indiana Pacers, a major franchise team in the NBA was hit by a data breach between October 15, 2018, and December 4, 2018. Pacers Sports & Entertainment (PSE), which also manages operations of the Bankers Life Fieldhouse arena, said that unauthorized access to several of its employee accounts had been gained by “unknown actors”. The news comes soon after the Pacers were knocked out of the first round of the NBA playoffs, losing to the Boston Celtics.
Company behind Indiana Pacers and Indiana Fever said hackers breached employee accounts, stole personal data. https://t.co/n8fVEC1vcP
— Stealthcare (@Stealthcare_) May 13, 2019
Experts Comments:
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG:
“When comparing these cyber-attacks, in the case of the Indiana Pacers, an insider let someone from the outside gain access through a phishing scam. In contrast with the Atlanta Falcons, an outsider gained access to the inside through a website vulnerability. The Pacers made the NBA playoffs, and the Hawks only won 35% of their games. Besides being sports franchises, the other thing they have in common is being in danger to weaknesses and gaps in the data security chain.
Companies to focus on trying to keep outsiders out, but they still find a way to get in. Shifting priorities in data security to focus on protecting the data on the inside may help minimize the data criminals steal. Organizations should look at data-centric security, which turns real credit card numbers to fakes, turns names to gibberish, and other sensitive data is de-identified. Then, it doesn’t matter how an attacker gets in, or who the company is; the data isn’t exploitable.”
Colin Bastable, CEO at Lucy Security:
“The Indiana attack took place last year – so perhaps the trend is for organizations to be late in reporting breaches. Reporting breaches is a difficult process in the US, as so many states have their own regulations to be complied with. Remediation is so much more expensive than prevention.
It looks like the attack lasted 6 weeks, which is a lot of time to have hackers active in your email system. Perhaps it took this long to assess the full extent of the intrusion, or perhaps they still don’t know extensive it was. The costs of data breaches escalate significantly in line with delayed detection and remediation.
The Atlanta Hawks website hack demonstrates the danger of “convenience”: the vulnerability appears to have come from integrating a third party solution, perhaps an accounting app or a reporting tool. Adding more moving parts to IT infrastructure in this way has a multiplier effect on cyber-insecurity.”
Dan Tuchler, CMO at SecurityFirst:
“We have now seen at least two hacking attacks targeting sports teams. With the massive amount of money involved in professional sports, this is not surprising. Regulations are being put in place to protect personal data stored by giant social media companies. Should regulators take a closer look at sports teams and their websites? They are already adequately covered by broad e-commerce privacy regulations, but maybe they need more focused attention to compel them to make sure they keep private data secured.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.