- NASCAR -Files report with state regulators confirming April 2025 -attack
- It didn’t say how many people were affected
- The company offers free credit monitoring for affected victims
NASCAR has confirmed that it suffered a cyberattack and a data violation in April 2025 that saw personal information about racing fans allegedly stolen.
The organization submitted data violation reports to General Attorneys in several US States describing what had happened and how it reacted, noting that the attack started on March 31, 2025 and was discovered – and stopped – on April 3.
During this period, the company said it secured its network, brought in a third-party cybersecurity experts to analyze the incident and informed the relevant law enforcement.
The subsequent study determined that attackers stole people’s names and social security number (SSN).
Medusa claims responsibility
While Nascar did not discuss the nature of the incident or identity of the threat actors, Ransomware operators had known as Medusa assumed responsibility several months ago.
In April 2025, the NASCAR group added to its data leakage -Websted and demanded $ 4 million in ransom, The post reported in which it was stated that the deadline for payment expired on April 19.
It is unknown whether NASCAR paid the demand for ransom or not, but there is no evidence that the data leaked to the public.
Medusa is an active threat actor with several high -profile victims, including Toyota Financial Services (TFS), who was hit in November 2023, Minneapolis Public Schools (MPS), targeted in February 2023, and Philippine Health Insurance Corporation (Philhealth), which suffered an event in September 2023.
Medusa engages in the usual double development tactic that exfiltrates sensitive files from the system before encrypting the entire network. That way, if the victim decides to restore the files from a backup, the group can threaten to release them on the Internet, which can result in regulatory fines, litigation and more class matters and more.
It is not known exactly how many people were affected by the attack, but the victims have been offered free credit monitoring services for a year through Experian IdentityWorks.
