On June 8, 2023, the San Francisco 49ers agreed to settle a class action lawsuit involving a data breach that took place over a five-day period, just prior to the Super Bowl in February of 2022. The breach was part of a ransomware attack carried out by the BlackByte ransomware gang. News of the attack broke hours before the big game, and the 49ers quickly confirmed that their IT systems had been compromised. During the attack, the personally identifiable information of nearly 21,000 individuals was accessed, including names, birth dates and Social Security numbers. The BlackByte gang also posted team documents that they had exfiltrated in the attack. Three separate suits were filed and then combined into a single class action suit.
Basis of the Case
The plaintiffs alleged that despite being a multi-billion-dollar business, the San Francisco 49ers organization failed to implement basic security measures to protect the personally identifiable information (PII) it collected from consumers and employees. In addition to insufficient security controls, they state that none of the hosted information was encrypted, allowing the attackers to easily access it. The suit also points out that team officials failed to notify victims of the breach until August 2022, leaving them exposed for an extended period to identity theft, fraud, and other criminal activity. As an example, one of the three original plaintiffs reported at least two fraudulent purchases on the credit card used for purchases made on the team’s website.
As a result of the settlement, class members of the suit are entitled to recoup up to $2,000 for ordinary expenses involved in addressing the aftermath of having their data compromised. Those who can provide documented extraordinary expenses are eligible to receive up to $7,500 of compensation. In addition, California residents are eligible to receive an $85 cash payment. The 49ers organization also agreed to create a new IT position. The Executive Vice President of Technology will oversee IT operations and hire a dedicated cybersecurity professional.
Call to Action
BlackByte is known to use phishing attacks to infiltrate a targeted network, and they exfiltrate data just prior to encrypting hosted files. Protecting your email systems and inboxes from exploitation requires a multi-layer security approach. All email accounts should be protected by multifactor authentication (MFA), which includes a password that is then reinforced by a second form of authentication. This could be an authenticator app, the insertion of a FIDO key or an SMS code. Email access policies should be used to block email access from geographical areas that do not have authorized email users, such as foreign countries. Email systems should incorporate email authentication protocols such as DMARC, DKIM and SPF to confirm that incoming emails are from a legitimate source and to prevent spoofing. Finally, you must also protect email inboxes from phishing attacks that attempt to deceive users into clicking on an embedded link or opening a malicious attachment. This requires an advanced email filtering solution that can scan attachments for malware and use analytics to identify suspicious email.
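To illustrate the DMARC, DKIM and SPF recommendation, the following added example (not part of the original article) triages inbound mail using the `Authentication-Results` header that a receiving mail server stamps after running those checks. The host name `mx.example.net`, the sample messages and the three verdict labels are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Assumption: this is the authserv-id our own receiving MTA writes.
TRUSTED_AUTHSERV = "mx.example.net"
METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

# Constructed sample messages; example.* names are placeholders.
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=news@example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: News <news@example.com>
Subject: Monthly update

Hello.
"""
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=billing@example.com; dkim=none; dmarc=fail header.from=example.com
From: "Accounts Payable" <billing@example.com>
Subject: Updated invoice

See attached.
"""
# The sender inserted its own header claiming a pass; our MTA added none.
FORGED_HEADER = """\
Authentication-Results: relay.example.org; spf=pass; dkim=pass; dmarc=pass
From: "IT Helpdesk" <helpdesk@example.com>
Subject: Password expiry

Click here.
"""

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Collect SPF/DKIM/DMARC results, trusting only headers from our own MTA."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        authserv_id = (authserv.split() or [""])[0].lower()
        if authserv_id != trusted:
            continue  # a header from any other host could be sender-supplied
        for method, result in METHOD_RE.findall(rest.lower()):
            results[method] = result
    return results

def verdict(raw):
    """deliver on DMARC pass, quarantine on DMARC fail, flag when unverified."""
    dmarc = auth_results(raw)["dmarc"]
    return {"pass": "deliver", "fail": "quarantine"}.get(dmarc, "flag")
```

A production filter would also strip untrusted `Authentication-Results` headers at the border and combine this verdict with attachment scanning rather than rely on it alone.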