NASCAR (National Association for Stock Car Auto Racing) has confirmed a significant data breach after discovering unauthorized access to its network following a cyberattack in late March 2025. The incident, detected on April 3, exposed the names and Social Security numbers of an unknown number of individuals. Details emerged via official filings with state regulators in Maine, New Hampshire, and Massachusetts, but the exact scope remains undisclosed[1][3][8].
Timeline of the Incident
- March 31–April 3, 2025: Unauthorized actor accessed and acquired files from NASCAR's network.
- April 3, 2025: IT staff identified the breach and started an internal investigation[3][4].
- Late June 2025: NASCAR confirmed that Social Security numbers were involved.
- July 24, 2025: Breach notification letters sent to victims, accompanied by offers of one year of free credit monitoring[1][3][8].
Who Was Behind the Attack?
The Medusa ransomware group claimed responsibility, adding NASCAR to their dark web leak site and demanding a $4 million ransom by April 19, 2025. Medusa published samples of allegedly stolen data to pressure the organization, including internal maps, personnel info, and business documents. It’s unclear if NASCAR paid or if the data was published in full[3][5][6][8][17].
NASCAR’s Response
- NASCAR engaged law enforcement and hired a cybersecurity firm to investigate and contain the breach.
- Affected customers were offered 12 months of free credit monitoring and identity theft protection through Experian.
- NASCAR declined to disclose the total number of people impacted or the full range of exposed information[1][3][8].
About the Medusa Ransomware Gang
Medusa is one of the most prolific ransomware actors in 2025, using “double extortion” (encrypting files and threatening to leak stolen data). The FBI and CISA have linked Medusa to 300+ attacks this year—including high-profile incidents in healthcare, education, finance, and government sectors worldwide[7][10][13][18][20]. Notable Medusa breaches include the Minneapolis Public Schools and several major enterprises.
Lessons & Takeaways
- Modern ransomware is about more than encryption—data theft and extortion are now routine.
- Even organizations with significant resources (like NASCAR) are vulnerable.
- Immediate response, law enforcement notification, and proactive support for victims are best practices.
If you received a notification from NASCAR, enroll in credit monitoring and review your accounts for suspicious activity.