There’s a major crisis unfolding at NASCAR, with the racing authority facing a serious cybersecurity threat. According to several online reports, a hacking group called “Medusa” has breached the organization’s database and is now demanding ransom to avoid leaking sensitive information.
The group has given NASCAR 10 days to respond. If they don’t pay, the hackers say they’ll release more than one terabyte of data.
NASCAR Rocked by Major Ransomware Attack
According to Hackread.com, the group is asking NASCAR for $4 million in exchange for not leaking the information they claim to have.
The hackers have reportedly posted 37 images as proof. One of the blurred images appears to show spreadsheets with employee details, internal notes, photos, and corporate branding materials.
🚨Cyberattack Alert ‼️
🇺🇸USA – NASCAR
Medusa ransomware group claims to have breached the National Association for Stock Car Auto Racing (NASCAR) and is demanding $4,000,000.
According to the post, the cybercriminal group allegedly exfiltrated 1,038.70 GB of data.
Ransom… pic.twitter.com/2k79MnyyVR
— HackManac (@H4ckManac)
The images are said to include racetrack maps, staff credentials, emails and more — pointing to just how serious this breach could be.
So far, NASCAR hasn’t issued any official statement, and it’s still unclear how much of the information being shared is legit. But based on what’s out there, NASCAR is now racing against time, and the clock is ticking.
Medusa also says it’s targeting McFarland Commercial Insurance Services, Bridgebank Ltd., and Pulse Urgent Care next.
The group first appeared in 2021 and has ramped up its attacks since. One of its better-known incidents happened in 2023, when it hacked the Minneapolis Public Schools district and leaked data after a $1 million ransom wasn’t paid.
In March, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) put out a joint warning. They urged companies to boost their cybersecurity by using two-factor authentication and checking for any suspicious certificate activity.
NASCAR will need to resolve the issues quickly to prevent a dark cloud from hanging over the festivities at Bristol Motor Speedway. Coming off of Denny Hamlin’s win in the Goodyear 400 at Darlington Raceway on Sunday April 6, NASCAR is headed Bristol for the Food City 500 on Sunday, April 13.
While this might be the first time NASCAR is dealing with a ransomware attack this big, it’s not their first cybersecurity issue.
NASCAR Had Their Official Radio Hacked in Atlanta
During race weekend in Atlanta, NASCAR ran into another type of cyber issue. A fan reportedly hacked into the race radio during the Ambetter Health 400.
People heard strange and inappropriate messages on team radios. Fans jumped on social media to share what they were hearing. It didn’t take long to figure out that someone outside the organization was behind it.