NBA Alerts Fans After Hack Of The Third-Party Service Provider

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 21, 2023 07:36 am PST

A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number of fans informing them that an unauthorized third party had obtained their name and email address. The information was held by a third-party service provider that assists the NBA in communicating with fans who have voluntarily shared their details.

Managing five professional sports leagues, namely WNBA, NBA, Basketball Africa League, NBA G League, and NBA 2K League. These games and programming are broadcast globally, reaching over 215 countries and territories and being available in over 50 languages.

As per the notice, the NBA’s systems remain unaffected by the incident, and the login credentials of affected fans remain uncompromised. However, certain personal information of these fans was taken from the database of a third-party service provider. To assess the extent of the impact, the NBA has engaged the services of external cybersecurity specialists and is collaborating with the third-party provider as part of a continuing investigation.

“Your name and email address were managed by a third-party service provider that assisted the NBA in communicating with fans who have provided through email. Unfortunately, we have received information that an unauthorized third party gained access to these records and made a copy of them.” the NBA says.

The Extent Of The Breach 

The NBA has sent a warning to its fans after a third-party service provider was hacked, potentially compromising the personal information of its users. The breach occurred on a business’s servers that offer the league’s email marketing tool. The system was compromised, giving the hackers access to names, email addresses, and other personally identifiable data of NBA supporters who receive promotional letters from the league.

No financial or sensitive information, such as credit card details or social security numbers, was compromised in the breach. The league is cautioning fans to be watchful and monitor their personal information for any suspicious behavior, though, as a precaution.

In a statement, the NBA said, “We are working closely with our third-party service provider to investigate the matter and ensure the safety of our fans’ data as we emphasize protecting their personal information. We regret any annoyance or worry this may have caused our supporters and will provide them with further updates as we learn more.”

Phishing Attacks and Social Engineering Scams

Considering the sensitivity of the data involved, the NBA has cautioned the impacted fans that there is a higher possibility that they may be the victim of phishing attacks and other scams. 

Fans are urged by the alert email to exercise caution when reading shady emails or other communications that might appear to come from the NBA or its partners. Fans are urged to double-check that emails they receive are coming from a reliable “” address and that attached links go to reputable websites. The NBA stated categorically that it would never send emails to supporters requesting their account information, such as usernames or passwords.

They further cautioned that those who were impacted might be the target of other “social engineering” attacks, in which a perpetrator tries to persuade a victim to divulge sensitive information or engage in other undesirable behaviour. Therefore, it is recommended that fans never open email attachments they did not request.

Reassurance For NBA Fans

Despite the breach being a matter of concern, the NBA has reassured the public that there is no evidence to suggest that their systems or their fans’ accounts, including usernames and passwords, have been affected. The NBA has reiterated its commitment to protecting the privacy of its fans’ data by affirming its dedication to implementing and maintaining appropriate technical and organizational safeguards to ensure the security of its information.

The NBA has also advised fans to change their passwords and enable two-factor authentication on their accounts as an added security measure. Additionally, the league recommends that fans be wary of unsolicited emails or requests for personal information, especially from unknown sources. The NBA has pledged to keep a close eye on the situation and to offer any needed further information.

Best Practices For Businesses Working With Third-Party Service Providers

The recent data breach at the NBA highlights the significant risks associated with working with third-party service providers. These providers often have access to sensitive information, such as customer data and financial records, making it essential for businesses to vet and monitor them for adequate security measures carefully.

To reduce these risks, businesses can adopt multiple measures. Initially, they can enforce multi-factor authentication and encryption protocols to safeguard confidential information. This may involve mandating employees to use robust passwords, frequently updating them, and leveraging encryption techniques to secure data while it is in motion or at rest.

Second, businesses can provide employee training on data security best practices. This can include educating employees on recognizing phishing attacks, safely handling and storing sensitive data, and reporting suspicious activity or incidents.

Third, businesses can regularly review and update their security policies and procedures to ensure they are up-to-date with the latest security threats and best practices. This can include conducting regular security audits and assessments and implementing security incident response plans in case of a breach.

While no solution is foolproof, taking these steps can help businesses protect the sensitive information of their customers and clients. By carefully vetting and monitoring third-party service providers, implementing robust security measures, and providing employee training, businesses can minimize the risk of a data breach and protect the trust and confidence of their customers.


The recent event underlines the significance of safeguarding personal information and the potential dangers of relying on third-party service providers. It also serves as a caution to individuals to exercise caution while opening emails or messages, particularly if they contain attachments or links. The NBA’s response to the event serves as a prime example of the significance of having a thorough incident response plan to guarantee that prompt action is taken to control and mitigate the effects of a data breach. It is comforting to see that the NBA has handled the situation seriously, swiftly informed the impacted fans, and is currently looking into it.

The NBA data breach serves as a stark reminder for organizations to prioritize data privacy and cybersecurity and implement appropriate measures to safeguard customers’ personal information. Fans must stay alert and adopt preventive measures to protect themselves against phishing attacks and social engineering scams. The NBA and its fans will undoubtedly be keeping a close eye on the situation as it develops, with hopes that the league’s swift action will help prevent any further unauthorized access to fans’ personal information.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x