The National Football League (NFL) ’s San Francisco 49ers are mailing notification letters confirming a data breach that affects over 20,000 individuals.


The professional football team confirmed that personal information, including names and Social Security numbers, belonging to 20,930 individuals, was accessed and stolen in a ransomware attack that hit its network between February 6 and February 11, 2022. The attack caused a temporary disruption to some of its IT networks. BlackByte, a Ransomware as a Service (RaaS) group, claimed responsibility for the attack, Bleeping Computer reports.


“The 49ers conducted a thorough review of these files to identify the individuals whose information was contained in the files, and additional research to locate and verify the addresses for these individuals,” the NFL team stated in the notification letter.


The notification said that the 49ers completed the review on August 9 and discovered that the incident involved the name and Social Security numbers of seven Maine residents.


According to the notification letter, the NFL team notified law enforcement and cooperated to support the investigation. “We are also taking steps to help prevent something like this from occurring again, including additional measures to further enhance our security protocols and continued education and training to our employees,” the team said.