Experts On News that Data of more than 500,000 referees stolen in ransomware attack

It has been reported that ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association), and many other US leagues have announced it fended off a ransomware attack. In a data breach notification letter filed with multiple states across the US, the company said that despite detecting and blocking the hackers from encrypting its files, the intruders managed to steal a copy of its backups.  This backup contained data from ArbiterGame, ArbiterOne, and ArbiterWorks — three of the web applications used by schools and sports leagues to assign and manage the schedules and training programs of referees and game officials. ArbiterSports said it paid the hackers to delete the stolen data — a database backup.


EXPERTS COMMENTS
Warren Poschman, Senior Solutions Architect,  comforte AG
September 23, 2020
The best strategy is to avoid sole reliance on key-based data protection.
One of the biggest problems when encrypting data is secure key management - when hackers gain access to encryption keys they start looking for data to decrypt because they know it has some value. The age-old adage rings true with the breach at ArbiterSports – encryption is easy, key management is hard. Keeping encryption keys accessible but secure is challenging when encrypting sensitive data ....
[Read More >>]
Sam Curry, Chief Security Officer,  Cybereason
September 23, 2020
Take advantage of Arbiters offer of one year of free identity and credit protection services.
The reported ArbiterSports hack is another reminder of how successful ransomware attacks have become. What is startling is that in this case more than 500,000 referees and game officials are impacted. My recommendation for ArbiterSports is not to play the victim card, because they will only be seen as villains by its members. It is extremely important to be transparent to members and to continue t ....
[Read More >>]
Boris Cipot, Senior Sales Engineer ,  Synopsys
September 23, 2020
Information like addresses and Social Security Numbers are often used to commit acts of fraud.
As we can see in this instance, ransomware attacks are no longer simply about entering a system and encrypting its data. Attackers have expanded their portfolio of extortion methods to include a wide range of assets. Even if the target could prevent encryption, the attacker has successfully stolen backups and can extort the target anyway. In such cases, data resilience is demanded. However, based ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article