The San Francisco 49ers' corporate IT network was hit by a cyberattack Sunday, the team confirmed.
In the hours before the Los Angeles Rams and Cincinnati Bengals faced off in Super Bowl LVI, the ransomware gang BlackByte compromised the 49ers' network and stole some of the team's financial data, as first reported by ESPN.
"We recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network," the 49ers said in a statement. "Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified."
BlackByte posted some of the stolen documents to the dark web, according to ESPN, but it did not publicize any ransom demands.
The 49ers said the attack was isolated to the corporate network and did not compromise the personal data of ticketholders.
"To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders," the team said in a statement. "As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible."
Security trackers say sports teams and events are frequent targets of cyber criminals. They're both high profile and often have lots of money and treasure troves of personal financial information on fans and ticket holders.
"What a criminal would try to do is take your social security, your address and open up an account or open up some kind of a credit card or an account somewhere else where they could actually monetize it," said Ralph Pisani, president of Bay Area cyber security company Exabeam.
BlackByte is said to be part of a ransomware gang known to attack networks, holding data hostage until they get paid. Their ransom of choice these days is cryptocurrency, like Bitcoin, partly because it's harder to trace than traditional money.
"Ransomware tends to target whatever is the largest target that they can with the most money, where they can cause the most threat and pain," Elementus CEO Max Galka said.