The season of professional football is upon us. Practice games are finished, team roosters are finalized, news announcements are made. For the San Francisco 49er’s, the news that Jimmy Garoppolo was no longer head quarterback should have been the big drama of the year. However, the real drama, has been happening quietly behind closed doors of the 49er’s corporate headquarters.
Somewhere between February 6, 2022 and February 11, 2022, the San Francisco 49ers corporate IT network experienced a security incident. Upon discovering that sensitive consumer data was accessible to an unauthorized party, the San Francisco 49ers began the process of reviewing all affected files to determine the full extent of the damage. The organization completed its review of the compromised files on August 9, 2022.
On September 1, 2022, the San Francisco 49ers sent out data breach letters to all individuals whose information was compromised as a result of the data security incident. According to the 49ers, the breach resulted in the names and Social Security numbers of 20,930 individuals being compromised.
It is very unclear who the victims are, whether they be season ticket holders, 49ers organization employees, or just other people whose Social Security Numbers the team had on record for whatever reason. What is clear, is that the fraudsters have had six months to have fun with our victim’s identity, and potentially destroy their lives.
We wouldn’t know anything about the breach if not for an obscure law in the state of Maine, some 3,000 miles away from the 49ers, that requires public disclosure of data breaches if they affect any Maine residents. Only 7 of the 20,930 people who had their names and Social Security Numbers exposed were from Maine. Upon receipt of the notification, the Attorney General’s Office of Maine released the information as a public duty, and in doing so provided information that could protect thousands nationwide.
Shout out to the lawmakers of Maine, who passed the law that minimize the damages to the victims of stolen identities.
Today’s Fraud of the Day is based on an article, “49ers data breach may have exposed more than 20,000 people to ID theft, documents say” published by The San Francisco Chronicle on September 6, 2022
The San Francisco 49ers have acknowledged that a ransomware attack during Super Bowl week that compromised its systems affected 20,930 individuals who may be victims of identity theft, according to a government notification filed by the team.
The 49ers had issued a statement on Super Bowl Sunday, Feb. 13, that their corporate IT network systems had been disrupted by a “network security incident,” the Associated Press reported. The 49ers two weeks earlier had lost the NFC Championship Game to the Los Angeles Rams, who went on to win the Super Bowl.