Six Months of Silence

Binary data with the word IDENTITY appears in the shadow of a hand. Concept for digital crime. Blue toned image.

The season of professional football is upon us. Practice games are finished, team roosters are finalized, news announcements are made. For the San Francisco 49er’s, the news that Jimmy Garoppolo was no longer head quarterback should have been the big drama of the year. However, the real drama, has been happening quietly behind closed doors of the 49er’s corporate headquarters.

Somewhere between February 6, 2022 and February 11, 2022, the San Francisco 49ers corporate IT network experienced a security incident. Upon discovering that sensitive consumer data was accessible to an unauthorized party, the San Francisco 49ers began the process of reviewing all affected files to determine the full extent of the damage. The organization completed its review of the compromised files on August 9, 2022.

On September 1, 2022, the San Francisco 49ers sent out data breach letters to all individuals whose information was compromised as a result of the data security incident. According to the 49ers, the breach resulted in the names and Social Security numbers of 20,930 individuals being compromised.

It is very unclear who the victims are, whether they be season ticket holders, 49ers organization employees, or just other people whose Social Security Numbers the team had on record for whatever reason. What is clear, is that the fraudsters have had six months to have fun with our victim’s identity, and potentially destroy their lives.

We wouldn’t know anything about the breach if not for an obscure law in the state of Maine, some 3,000 miles away from the 49ers, that requires public disclosure of data breaches if they affect any Maine residents.  Only 7 of the 20,930 people who had their names and Social Security Numbers exposed were from Maine.  Upon receipt of the notification, the Attorney General’s Office of Maine released the information as a public duty, and in doing so provided information that could protect thousands nationwide.

Shout out to the lawmakers of Maine, who passed the law that minimize the damages to the victims of stolen identities.

Today’s Fraud of the Day is based on an article, 49ers data breach may have exposed more than 20,000 people to ID theft, documents say” published by The San Francisco Chronicle on September 6, 2022

The San Francisco 49ers have acknowledged that a ransomware attack during Super Bowl week that compromised its systems affected 20,930 individuals who may be victims of identity theft, according to a government notification filed by the team.

The 49ers had issued a statement on Super Bowl Sunday, Feb. 13, that their corporate IT network systems had been disrupted by a “network security incident,” the Associated Press reported. The 49ers two weeks earlier had lost the NFC Championship Game to the Los Angeles Rams, who went on to win the Super Bowl.

Previous articleThe Numbers of Victims Yet Unknown
Next articleOnly A Drop Of Blood

Larry Benson, Senior Director of Strategic Alliances, LexisNexis Risk Solutions - Government

Larry Benson is responsible for developing strategic partnerships and solutions for the government vertical. His expertise focuses on how government programs are defrauded by criminal groups, and the approaches necessary to prevent them from succeeding.

Mr. Benson has 30 years of experience in sales and business development. Before joining LexisNexis® Risk Solutions, he spent 12 years founding and managing two software technology startups. During the 1990s he spent 10 years as a Regional Director helping to grow a New England-based technology company from 300 employees to 7,000. He started his career with Martin Marietta Aerospace working on laser guided weapons and day/night vision systems.

A sought-after speaker and accomplished writer, Mr. Benson is the principal author of “Fraud of the Day,” a website dedicated to educating government officials about how criminals are defrauding government programs. He has co-authored WTF? Where’s the Fraud? How to Unmask and Stop Identity Fraud’s Drain on Our Government, and Data Personified, How Fraud is Changing the Meaning of Identity.

Benson holds a Bachelor of Science in Physics from Albright College, and earned two graduate degrees – a Master of Business Administration from Florida Institute of Technology, and a Master of Science in Engineering from Lehigh University.