NASCAR confirms user data breach following Medusa ransomware attack


  • NASCAR files reports with state regulators confirming April 2025 attack
  • It did not say how many people were affected
  • The company is offering free credit monitoring for affected victims

NASCAR has confirmed it suffered a cyberattack and a data breach in April 2025, in which personal information of racing fans was allegedly stolen.

The organization filed data breach reports with attorneys general in multiple US states, describing what had happened and how it responded. The reports note that the attack started on March 31, 2025, and was spotted, and stopped, on April 3.

During that period, the company said it secured its network, brought in third-party cybersecurity experts to analyze the incident, and notified the appropriate law enforcement.

The subsequent investigation determined that the attackers stole people’s names and Social Security numbers (SSN).

Medusa claims responsibility

While NASCAR did not discuss the nature of the incident, or the identity of the threat actors, ransomware operators known as Medusa had claimed responsibility several months ago.

In April 2025, the group added NASCAR to its data leak site and demanded $4 million in ransom, The Record reported, stating the deadline for payment expired on April 19.

It is unknown whether NASCAR paid the ransom, but there is no evidence that the data was leaked to the public.

Medusa is an active threat actor with numerous high-profile victims, including Toyota Financial Services (TFS), which was struck in November 2023, Minneapolis Public Schools (MPS), targeted in February 2023, and Philippine Health Insurance Corporation (PhilHealth), which suffered an incident in September 2023.

Medusa engages in the usual double-extortion tactic, exfiltrating sensitive files from the system before encrypting the entire network. That way, even if the victim decides to restore the files from a backup, the group can threaten to release the stolen copies on the internet, which could bring regulatory fines, class-action lawsuits, and more.

It's not known exactly how many people were affected by the attack, but victims have been offered free credit monitoring services for a year, through Experian IdentityWorks.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
