NBA suffers a Data Breach – Third Party Provider Data Stolen

The National Basketball Association (NBA) is the latest organization to suffer a data breach, with data stolen following the hack of a third-party newsletter service provider.

The association started informing affected fans, describing the data theft as an “incident”. The data stolen from the unnamed third-party provider included names and email addresses but did not include usernames, passwords, or other PII.

The NBA said that it had activated its incident response procedures upon learning of the unauthorized access. Even though the NBA itself wasn’t hacked, the association has hired outside cybersecurity experts and is working with the service provider to ensure that a breach does not occur again.

NBA has warned that the data could be used for social engineering attacks and that affected fans should be vigilant when opening suspicious emails or any other communications that may appear to come from the NBA or its partners. It added that it never asks for personal account information such as usernames by email and would never ask for password information under any circumstances.

The third-party provider is unknown for now, which need to come into limelight soon.

One possible third-party candidate is the Intuit owned Mailchimp, which performed a hat trick of data breaches in January, although there is no clear link between Mailchimp and the NBA. Mailchimp does, however, have partnerships with other major sporting leagues, such as the National Football League.