The software provider that got hacked
ArbiterSports is known as the official software provider for nonother than the NCAA or the National Collegiate Athletic Association and also a lot of other leagues. They previously said that it fended off a previous ransomware attack just in July of this year.
In a particular data breach notification letter that was filed with multiple states all across the US, the company stated that despite it being able to detect and blocking hackers from being able to encrypt its files, certain intruders were able to steal a whole copy of its own backups.
This backup contained the data from ArbiterOne, ArbiterGame, and even ArbiterWorks. These are the three web applications used by certain schools and sports leagues in order to assign and also manage both the schedules and training programs for referees as well as game officials.
The hacked information obtained
ArbiterSports previously stated that the backups actually contained a lot of sensitive information about certain users who were able to register on the given web applications. These included account passwords, usernames, the real names, birthdays, addresses, email addresses, and most important of all, the Social Security numbers.
The company said that both the Social Security numbers as well as the passwords were actually encrypted in the file, but that the unauthorized party was eventually able to decrypt the hidden data. ArbiterSports said that once they tried to block a certain attempt to encrypt the local data, hackers then tried to demand payment in exchange for the deletion of the files that they had obtained.
ArbiterSports paid the ransom
ArbiterSports stated that they have already paid the ransom demand and had already obtained confirmation that the unknown unauthorized party had finally deleted the files. However, there is actually still no guarantee that these hackers have not kept a copy of the data before going on and deleting ArbiterSport's data.
Certain sources in the whole incident response or IR community have given their statement to ZDNet about the known cases where certain ransomware gangs did not actually delete the data. A particular ArbiterSports spokesperson was not yet available for comments despite the repeated attempts.
The known ArbiterSports incident is actually reminiscent of a much similar incident that was disclosed by Blackbaud, a certain provider of the known cloud-based software to certain universities as well as non-profits.
Blackbaud has also avoided having its own files encrypted but eventually they had to pay the hackers to ultimately delete the files that had been stolen even before detection.