The NBA has warned about a data breach that has resulted in the theft of some personal details.
That personal data was stolen from what's described as a third-party newsletter service. Those affected have reportedly been contacted by the NBA and notified of the breach, and that some personal info was leaked, including names and email addresses.
However, the NBA clarified that its own systems had not been hacked, and that usernames, passwords, and suchlike have not been compromised.
The NBA gave a statement to the information security website Bleeping Computer to confirm that:
"We were recently made aware that an unauthorized third party gained access to the IT systems of an NBA service provider for mobile app and email communications."
"As a result, copies of names and email addresses of some NBA fans were captured. There is no impact whatsoever to the NBA's systems or to the assets held securely at the NBA. The league immediately took action to contain the issue, identify those impacted and communicate potential risks and next steps."
We're told that the NBA is now investigating the issue and has brought in cybersecurity experts to look into the incident in depth and evaluate the extent of the damage.
What's clear enough is that the attackers, having gotten email addresses and names, may well be aiming to cook up some phishing scam, and could even purport to be the NBA when contacting those who have had their data spilled in this breach.
In short, look out for scam emails along those lines, and indeed that goes for any circumstances and organization, really, not just the NBA.
Cybercriminals often try to impersonate official bodies (like the IRS, for example) or companies, sending what appear to be matters that need to be dealt with urgently in the hope that the hapless receiver of the message may act in haste and not check the details of the message properly. (For example, the domain from where the message has been sent, which is often a giveaway, and a slightly misspelled or altered version of the real domain).