According to cybersecurity site Hackread.com, NASCAR may have fallen victim to a ransomware attack by the Medusa gang, which is reportedly demanding a $4 million payment. The group allegedly listed NASCAR on its dark web leak site and has threatened to release sensitive internal data if the ransom isn’t paid.
While NASCAR has not publicly commented on the matter and the full authenticity of the report has yet to be confirmed, Hackread claims the hackers are in possession of over 1,000 gigabytes of data. The stolen files reportedly include personal and business information such as names and emails of third-party contacts, internal communications, staff and executive contact details from various racetracks, phone numbers, business documents, workers’ compensation invoices, raceway maps and photos, partner data, legal documents, and credential-related materials. As apparent proof, the group has already released 37 document images.
Some of the leaked data is said to include detailed layouts of racetracks and confidential personnel information, suggesting a serious breach of NASCAR’s operational and logistical infrastructure.
The incident follows broader warnings from U.S. agencies. In March, the FBI and CIA had cautioned organizations about the rising threat of Medusa ransomware, advising stronger cybersecurity practices such as two-factor authentication.
Additional reporting from the Daily Dot indicated that NASCAR was given a 10-day deadline to meet the ransom demand. On3 also noted that this marks the second cybersecurity issue for the sport this season. Earlier, during the Atlanta race weekend, an unauthorized party reportedly hijacked the event’s official radio channel. Separately, NASCAR’s Twitter account was allegedly compromised in a breach that also affected the NBA’s account. That issue was quickly resolved.
As of now, NASCAR has not officially confirmed or addressed the alleged ransomware attack. Cyber Daily has reached out for comment and is awaiting a response.