NASCAR confirms data breach after hackers 'demanded $4m ransom'

NASCAR has confirmed it was the victim of a data breach after hackers demanded a $4million ransom following a ransomware attack.

The racing organization says it suffered the breach between March 31, 2025 and April 3, 2025.

READ MORE: NASCAR announces driver DISQUALIFICATION at Indianapolis

Correspondence with multiple state regulators this week (including this example from New Hampshire) confirms the data breach, and says it does contain the names and social security numbers of some of its customers/fans.

It is not known exactly how many NASCAR customers are impacted by the breach, or the exact depth of data which was acquired by the hackers.

First official confirmation from NASCAR

This is the first official confirmation from NASCAR that the breach happened, although the story did hit the headlines in early April with the Medusa ransomware gang reportedly claiming responsibility.

Medusa posted about the breach on its website and allegedly demanded a $4million ransom with a deadline of April 19. There is no confirmation of whether that ransom was paid by NASCAR.

Per U.S. cybersecurity agencies in a March 2025 update, Medusa has attacked more than 300 victims in critical sectors.

How did NASCAR respond to the breach?

NASCAR’s response to the breach was laid out in that correspondence to state regulators, with the following detail:

“On April 3, 2025, the Company identified and began addressing a security incident that involved unauthorized access to its network. Upon identifying the activity, the Company promptly took steps to secure the network and began a comprehensive investigation. A cybersecurity firm that has assisted other companies in similar situations was engaged. Law enforcement was notified. The investigation determined that the unauthorized actor acquired certain files on the Company’s network between March 31 and April 3, 2025. “

NASCAR said it has also responded to the breach by offering impacted customers a one-year membership to credit monitoring and identity protection services. It says it has established a dedicated, toll-free call center to enable impacted customers to obtain more information about the incident.

What is Medusa?

This is how agencies described the group in that March 2025 update:

"Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile malware variant per the FBI’s investigation."

READ MORE: NASCAR announces five drivers DEMOTED at Indianapolis including Denny Hamlin

Related

NASCAR

NASCAR icon will not congratulate Bubba Wallace for Indy win

• Today 02:00

NASCAR Cup Series

Denny Hamlin hails incredible NASCAR drives by first-time star

• Today 01:00