In a confirmation of a report earlier in the spring, NASCAR was victimized by the Medusa ransomware group in a data hack which asked for $4 million.
Hackread.com was the first to issue reporting on the matter and received a confirmation from the Sanctioning Body that it filed a data breach notification with the Maine Attorney General about a incident that occurred on March 31, 2025 and discovered on June 24, 2025.
The website states that it notified NASCAR about the matter when asking for a statement on April 8 but that inquiry went unanswered.
From the new Hackread.com report:
While NASCAR did not disclose how many individuals were affected, it confirmed that the stolen data included files containing names and Social Security numbers. However, Hackread.com’s analysis of the sample data leaked by Medusa on its dark web site revealed that the exposure went far beyond just those details.
A preliminary review of the leaked documents indicates they contain detailed maps of raceway grounds, staff email addresses, names and job titles, as well as credential-related information, pointing to a genuine compromise of both operational and logistical data.
hackread.com
NASCAR has reportedly notified those at risk due to the data breach and provided them a year of credit monitoring and identity theft protection services through via Experian.
Medusa emerged in 2021 and has compromised over 300 entities across healthcare, education, legal services, insurance, technology and manufacturing before the NASCAR attack.
