Medusa ransomware group claims NASCAR hack, demands $4 Million
Learn More
The Medusa ransomware group has claimed responsibility for hacking NASCAR and is demanding a $4 million ransom payment. According to reports, the cybercriminal group is threatening to release over a terabyte of internal data if their demands are not met within a 10-day timeframe.
As evidence of the breach, Medusa has allegedly leaked several dozen document images purportedly from NASCAR's internal systems, including:
- Detailed maps of raceway grounds
- Email addresses of NASCAR staff
- Names and titles of staff members
- Credential-related information
Security experts cited by Hackread.com suggest that the nature of the leaked documents indicates "a real compromise of operational and logistical data,".
While the legitimacy of Medusa's has not been independently verified at this time, and NASCAR has yet publicly addressed the allegations of a data breach or the ransom demand.
Update - as of 25th of July 2025, NASCAR confirmed the breach. According to the data breach notification, the incident occurred on March 31, 2025, and was discovered on June 24, 2025. Hackread.com had alerted NASCAR about Medusa’s breach claims as early as April 8, 2025. NASCAR did not disclose how many individuals were affected. The company confirmed that the exposed data includes names and Social Security numbers.
