Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
NASCAR

NASCAR Vendor Cyber Rating & Cyber Score

nascar.com

Welcome to NASCAR! We are a company unlike any other. We want you to bring your experience, skills and passion to our close-knit, high-energy environment in which our employees thrive and where you can prosper. We know the key to our success is our employees and we offer highly competitive salaries, a solid benefits package focused on wellness, and opportunities for you to grow and develop both personally and professionally. It won’t take you long to find out that you are on the right track here at NASCAR! About NASCAR The National Association for Stock Car Auto Racing (NASCAR) is the sanctioning body for the No. 1 form of motorsports in the United States and owner of 14 of the nation’s major motorsports entertainment facilities. NASCAR


NASCAR A.I CyberSecurity Scoring

NASCAR
Company Information
Website:https://careers.nascar.com/
Employees number:2,468
Number of followers:97,064
NAICS:7112
Industry Type:Spectator Sports
Homepage:nascar.com
NASCAR Risk Score (AI oriented)
Between 0 and 549
logo
NASCARSpectator Sports
Updated:
31/03/2026
245/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
NASCAR Global Score (TPRM)
xxxx
logo
NASCARSpectator Sports
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

NASCAR
NASCARCritical
Current Score
245C (CRITICAL)
01000
5 incidents
-181 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
278Before Incident
JUNE 2026
266Before Incident
MAY 2026
263Before Incident
APRIL 2026
255Before Incident
MARCH 2026
245Before Incident
FEBRUARY 2026
414Before Incident
Ransomware
24 Feb 2026NASCAR
Comcast and NASCAR: North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks

North Korean Lazarus Group Expands into Ransomware with Medusa Attacks

233After Incident
CRITICAL-181
NASCOM1771979720
North Korean Lazarus Group Expands into Ransomware with Medusa Attacks North Korea’s state-backed Lazarus Group has entered the commercial ransomware market, leveraging the Medusa ransomware-as-a-service (RaaS) operation to target organizations in the Middle East and the U.S. While an attempted breach of U.S. healthcare entities failed, the campaign underscores a growing trend: nation-state actors adopting cybercrime tools for financial gain. Since its emergence in 2023, Medusa has been linked to over 300 successful attacks, including high-profile victims like Comcast and NASCAR. By partnering with Medusa, Lazarus gains access to an established criminal infrastructure, obscuring its identity behind typical ransomware affiliates and complicating attribution for defenders. The group’s attacks follow a multi-stage process, beginning with the deployment of tools to disable security protections. Custom backdoors like Blindingcan and Comebacker establish persistent access, while credential theft tools (ChromeStealer, Mimikatz) and data exfiltration utilities (Infohook, RP_Proxy) extract sensitive information before ransomware deployment. By the time Medusa encrypts systems, attackers have already exfiltrated critical data. Recent targets reveal a focus on vulnerable institutions, including a U.S. mental health nonprofit and a school for children with autism. Ransom demands average $260,000 a calculated figure designed to pressure cash-strapped organizations into paying quickly. This strategy aligns with Lazarus’ broader shift toward financially motivated attacks, following a similar 2024 collaboration between North Korea’s Jumpy Pisces (Andariel) and the Play ransomware group. Experts note the tactical logic: targeting underfunded sectors like healthcare and education maximizes emotional leverage, increasing the likelihood of payment. The convergence of state-sponsored espionage and ransomware operations means even small organizations previously overlooked by advanced threat actors now face sophisticated, government-backed cyber threats.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: Sensitive information exfiltratedSystems Affected: Encrypted by Medusa ransomwareOperational Impact: Disruption of servicesIdentity Theft Risk: High (PII potentially exposed)
DATA BREACH
Type Of Data Compromised: Sensitive information, personally identifiable information (PII)Sensitivity Of Data: HighData Exfiltration: YesData Encryption: Yes (by Medusa ransomware)Personally Identifiable Information: Likely
JANUARY 2026
434Before Incident
DECEMBER 2025
425Before Incident
NOVEMBER 2025
415Before Incident
OCTOBER 2025
405Before Incident
SEPTEMBER 2025
394Before Incident
AUGUST 2025
384Before Incident
APRIL 2025
489Before Incident
Ransomware
13 Apr 2025NASCAR
NASCAR: Medusa ransomware gang claims to have hacked NASCAR

Medusa Ransomware Gang Claims Breach of NASCAR

294After Incident
CRITICAL-195
NAS1770566035
Medusa Ransomware Gang Claims Breach of NASCAR, Demands $4M Ransom The Medusa ransomware-as-a-service (RaaS) group has alleged a breach of NASCAR’s computer systems, claiming to have exfiltrated over 1TB of sensitive data. In a post on its dark web leak site, the gang demanded a $4 million ransom for the deletion of the stolen files, accompanied by a countdown timer threatening public release. The deadline can be extended for $100,000 per day. To substantiate its claims, Medusa published screenshots of purported internal NASCAR documents, including employee and sponsor contact details, financial reports, invoices, and a directory of exfiltrated files. While NASCAR has not confirmed the attack, the evidence presented appears credible. Medusa has been active in targeting high-profile organizations, with the FBI and CISA issuing a joint advisory last month warning of its impact on over 300 entities across critical sectors, including healthcare, education, and manufacturing. Past victims include Minneapolis Public Schools, which suffered a 92GB data leak after refusing a ransom, as well as cancer centers and British high schools. The group has also previously claimed to have stolen Microsoft source code. This incident follows a pattern of cyberattacks on major sports organizations. In 2016, NASCAR-affiliated team Circle Sport-Leavine Family Racing paid a ransom after a TeslaCrypt attack, while in March 2025, NASCAR’s official Twitter account was hijacked to promote a fraudulent cryptocurrency scheme. If confirmed, this breach would mark another high-profile disruption in the sports industry.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: Over 1TB of sensitive dataBrand Reputation Impact: HighIdentity Theft Risk: High
DATA BREACH
Employee contact detailsSponsor contact detailsFinancial reportsInvoicesSensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes
APRIL 2025
634Before Incident
Ransomware
08 Apr 2025NASCAR
NASCAR

Medusa Ransomware Attack on NASCAR

488After Incident
CRITICAL-146
NAS301040825
The Medusa ransomware gang has compromised NASCAR, demanding a $4 million ransom and threatening to expose sensitive data. Leaked documents include operational and logistical information, employee details, and corporate branding materials, indicating a substantial data breach. If the ransom is unpaid, further leaks are anticipated. This attack endangers NASCAR's operational security and may have significant repercussions on their business continuity and stakeholder trust.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial Gain
IMPACT
Operational and logistical informationEmployee detailsCorporate branding materialsOperational securityBusiness continuityStakeholder trust
DATA BREACH
Operational and logistical informationEmployee detailsCorporate branding materials
MARCH 2025
728Before Incident
Ransomware
01 Mar 2025NASCAR
NASCAR

NASCAR Data Breach

630After Incident
CRITICAL-98
NAS553072725
NASCAR, the National Association for Stock Car Racing, experienced a data breach in March 2025 due to a cyberattack. The incident exposed the Social Security numbers of an unknown number of victims. The company identified the attack on April 3 and began an investigation, involving law enforcement and a cybersecurity firm. The breach notification letters were sent out to victims on July 24, offering one year of credit monitoring services. Medusa ransomware gang claimed responsibility, demanding a $4 million ransom and threatening to publish exfiltrated data if not paid by April 19.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial Gain
IMPACT
Social Security NumbersIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Social Security NumbersNumber Of Records Exposed: UnknownSensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes
DECEMBER 2024
771Before Incident
Cyber Attack
25 Dec 2024NASCAR
SolarWinds, Kaseya, MoveIt Transfer, PowerSchool, DaVita, NASCAR, Marks & Spencer, Caesars Entertainment and Change Healthcare: Ransomware trends, statistics and facts in 2026

Ransomware Trends and High-Profile Attacks (2024-2025)

726After Incident
CRITICAL-45
DAVCAECHAPOWKASFILMARSOLNAS1770898846
Ransomware in 2025–2026: Evolving Threats, Rising Costs, and High-Profile Attacks Ransomware remains a critical threat to governments, businesses, and critical infrastructure, disrupting healthcare, fuel distribution, retail, and identity security. Financial and operational impacts have intensified, with attackers refining tactics to maximize damage and extortion. ### Key Ransomware Trends 1. Supply Chain Attacks – Threat actors increasingly target software vendors to compromise multiple downstream victims. Notable incidents include: - 2023 MoveIt Transfer breach (Clop ransomware gang) - 2021 Kaseya attack (1,500+ MSP customers affected) - 2020 SolarWinds hack 2. Triple Extortion – Beyond encrypting data and threatening leaks, attackers now demand payment to prevent additional attacks. The Vice Society group used this tactic in its 2023 attack on San Francisco’s BART system. Leading ransomware groups like LockBit 5.0 now use private negotiation portals for targeted extortion. 3. Ransomware-as-a-Service (RaaS) – Cybercriminals lease pre-built ransomware tools and infrastructure, lowering the barrier to entry for attacks. 4. Exploiting Unpatched Systems – While zero-day vulnerabilities draw attention, most ransomware exploits known flaws in outdated software. 5. Phishing & AI-Driven Attacks – Phishing remains a primary infection vector, while generative AI enhances social engineering lures, reconnaissance, and attack automation. ### Ransomware by the Numbers (2025) - 44% of breaches involved ransomware (Verizon 2025 DBIR), a 37% increase from 2024. - 88% of SMB breaches included ransomware, compared to 39% in large enterprises. - 34% rise in attacks in the first three quarters of 2025 (Total Assure). - 5,010 U.S. incidents in the first 10 months of 2025 a 50% increase from 2024 (Cyble). - 85% of attacks go unreported (BlackFog). - Median ransom payment: $267,500 (Palo Alto Networks 2025). - Average ransom payment: $1 million (Sophos 2025), down from $2 million in 2024. - Average insurance claim: $292,000 (Coalition 2025), a 7% decrease from 2024. ### Notable 2024–2025 Ransomware Attacks - PowerSchool (Dec. 2024) – Exposed data of 62M students and 9.5M teachers across North America. - Yale New Haven Health (Mar. 2025) – Compromised 5.6M patient records; settled a class-action lawsuit for $18M. - NASCAR (Apr. 2025)Medusa ransomware gang stole 1TB of data and demanded $4M. - DaVita (Apr. 2025)2.7M patients’ health data exposed by Interlock ransomware. - Marks & Spencer (May 2025)Pay2Key ransomware disrupted operations, contributing to a 90% profit drop. - Ingram Micro (Jul. 2025)SafePay ransomware caused service disruptions and revenue losses. - Change Healthcare (2024) – Initially reported 100M+ victims; revised to 193M by mid-2025. - LoanDepot (2024) – Attack disrupted loan services for 16.6M customers. - MGM Resorts & Caesars Entertainment (2023) – High-profile attacks crippled Las Vegas casino operations. ### Future Ransomware Predictions - AI-Powered Automation – Attacks will become faster, more persistent, and harder to detect (Trend Micro). - Voice-Based VishingAI-generated calls will rise as a social engineering tactic (Zscaler). - Encryption-Free Extortion – More groups will skip encryption, relying solely on data theft threats (SentinelOne). - GenAI-Enhanced Phishing – AI will enable more convincing, large-scale phishing campaigns. Ransomware shows no signs of slowing, with attackers leveraging AI, supply chain vulnerabilities, and multi-layered extortion to escalate both frequency and impact.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainExtortionData theftOperational disruption
IMPACT
62M students and 9.5M teachers (PowerSchool)5.6M patient records (Yale New Haven Health)1TB of data (NASCAR)2.7M patients' health data (DaVita)193M victims (Change Healthcare)16.6M customers (LoanDepot)HealthcareFuel distributionRetailIdentity securityEducationCasino operationsLoan servicesDisrupted loan services (LoanDepot)Service disruptions and revenue losses (Ingram Micro)Profit drop (Marks & Spencer)90% profit drop (Marks & Spencer)$18M class-action lawsuit settlement (Yale New Haven Health)
DATA BREACH
Student recordsTeacher recordsPatient health dataCorporate data62M9.5M5.6M1TB2.7M193M16.6MHighYesYes (in some cases)Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for NASCAR ?
?
What was NASCAR's A.I Rankiteo Cyber Score in June 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in May 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in April 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in March 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in February 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in January 2026 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in December 2025 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in November 2025 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in October 2025 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in September 2025 ?
?
What was NASCAR's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on NASCAR's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with NASCAR ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view NASCAR's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?