Sign In
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
New Delhi: NASCAR, the iconic American motorsport brand, has confirmed it was targeted in a cyberattack back in April. The breach involved hackers gaining access to personal data, including Social Security numbers, from NASCAR’s network. While the racing world kept moving, things behind the scenes were far less smooth.
The breach went undetected for a few days. By the time NASCAR caught it on April 3, hackers had already been inside the network since March 31. The company said it responded immediately, launching an investigation with help from a private cybersecurity firm and informing law enforcement.
The official timeline suggests that the attackers were lurking inside NASCAR’s systems between March 31 and April 3, 2025. During this time, they reportedly stole files containing sensitive personal data, names and Social Security numbers, to be precise.
NASCAR began notifying affected individuals recently through written letters, as disclosed in regulatory filings submitted to attorneys general offices in Maine, Massachusetts, and New Hampshire. The company has not yet confirmed exactly how many people were affected.
To make up for the breach, NASCAR is offering free credit and identity monitoring services for one to two years. However, the situation might be bigger than what’s officially acknowledged.
Back in April, Medusa, a known ransomware group, claimed responsibility for the attack. They listed NASCAR on their Tor-based leak site, claiming they had exfiltrated roughly 1 terabyte of data and were demanding a $4 million ransom.
So far, NASCAR hasn’t confirmed if the Medusa gang’s claims are real or if they’re bluffing. They’ve kept quiet on the exact nature of the attack, including whether ransomware was deployed or not.
NASCAR hack timeline:
| Event | Date / Details |
|---|---|
| Intrusion started | March 31, 2025 |
| Breach discovered | April 3, 2025 |
| Type of data stolen | Names, Social Security numbers |
| Volume of data (as per Medusa) | 1 terabyte |
| Ransom demanded | $4 million (₹34 crore approx) |
| Notification sent to | Individuals in ME, MA, NH |
| Free services offered | 1–2 years credit and identity monitoring |
NASCAR hasn’t said anything about how the breach might have impacted its operations or ticketing systems. On the surface, races went on like nothing happened. But for the people whose data was taken, things may not be so simple.
Identity theft risks are real, especially when Social Security numbers are involved. Even a small breach can lead to years of problems for those affected, from credit card fraud to fake loans. So if Medusa’s 1TB claim is true, this could be a massive privacy nightmare.
For now, NASCAR has not confirmed if they paid the ransom or engaged with the attackers at all. The company is sticking to a tight-lipped script. That’s not unusual, but it leaves a lot of questions hanging.
Meanwhile, Medusa is still posting about the breach, suggesting the stolen data hasn’t been destroyed. If the gang dumps the data publicly, that could trigger further damage.
We'll have to wait and watch if Medusa makes good on its threats, or if this story burns out quietly like a racecar with an empty tank.
