Pacers Sports & Entertainment (PSE), the legal entity behind the Indiana Pacers and the Indiana Fever NBA and WNBA basketball teams, respectively, announced a cybersecurity breach on Friday during which hackers gained access to sensitive user information.
In a press release published yesterday, the company blamed the cybersecurity breach on phishing campaign during which hackers managed to gain access to several PSE employee accounts.
It said hackers had access to these accounts between October 15, 2018, and December 4, 2018.
PSE is notifying customers now, but the company said it learned of the breach way back last year, on November 16, leaving many to ask themselves –what took so long?
“After a thorough review of these email accounts, PSE determined that a limited number of personal records were present in the affected emails,” the company said.
Exposed information ranges wildly, and PSE said it might include name, address, date of birth, passport number, medical and/or health insurance information, driver’s license/state identification number, account number, credit/debit card number, digital signature, username and password, and in some cases even Social Security numbers.
IS IT EMPLOYEE OR CUSTOMER DATA?
As DataBreaches.net pointed out, PSE did not mention if this data belongs to PSE employees or PSE customers –such as those who registered for the Pacers online shop to buy gear and memorabilia.