In April 2025, Hackread.com exclusively reported that the Medusa ransomware group had claimed responsibility for breaching the National Association for Stock Car Auto Racing (NASCAR) and was demanding a $4 million ransom. NASCAR has now confirmed that its systems were indeed compromised, validating Hackread.com’s earlier reporting.
According to the data breach notification filed with the Office of the Maine Attorney General, the incident occurred on March 31, 2025, and was discovered on June 24, 2025. However, Hackread.com had alerted NASCAR about Medusa’s breach claims on April 8, 2025, but the company neither responded nor acknowledged the inquiry.
While NASCAR did not disclose how many individuals were affected, it confirmed that the stolen data included files containing names and Social Security numbers. However, Hackread.com’s analysis of the sample data leaked by Medusa on its dark web site revealed that the exposure went far beyond just those details.
A preliminary review of the leaked documents indicates they contain detailed maps of raceway grounds, staff email addresses, names and job titles, as well as credential-related information, pointing to a genuine compromise of both operational and logistical data.
Nevertheless, NASCAR has notified the affected individuals and is offering one year of credit monitoring and identity theft protection services through Experian.
This also isn’t the first time NASCAR has been linked to a ransomware incident. In July 2016, a prominent NASCAR team suffered a major ransomware attack when its chief’s computer was infected with a TeslaCrypt variant. The attackers encrypted all files on the system and demanded payment in Bitcoin.
The FBI Had Warned About Medusa Months Before the NASCAR Breach
Medusa ransomware has been around since 2021, but its operations have escalated in recent years. One of the group’s more high-profile attacks hit Minneapolis Public Schools in 2023, where it dumped sensitive student and staff data after demanding, and not receiving, a $1 million ransom. Over time, Medusa has also gone after hospitals, city governments, and telecom companies, often leaking massive amounts of internal documents when victims refuse to pay.
Just a few months ago, Medusa grabbed attention again by using stolen digital certificates to shut down anti-malware tools on compromised systems. That move, noted in a March 25 report, allowed them to remain hidden and move through networks without detection.
Before that, on March 13 2025, the FBI and CISA released a joint security alert urging organisations to step up proper cybersecurity protection. Their guidance included enabling multi-factor authentication and keeping an eye out for suspicious certificate activity.
“Medusa’s $4 million ransom demand from NASCAR is significant. So far this year, the group has issued an average ransom of just under $300,000, making this demand over 10 times higher,” said Rebecca Moody, Head of Data Research at Comparitech.
“There could be several reasons for that, including NASCAR’s high-profile status or the volume of data stolen. While the full impact of the NASCAR breach is still unclear, Medusa is already behind one of this year’s largest ransomware-related breaches, with Bell Ambulance reporting 114,000 affected.”
