National Intramural and Recreational Sports Association

On July 28, 2020, the National Intramural and Recreational Sports Association (NIRSA) suffered a data breach due to unauthorized access to one of its databases. The incident exposed the personal information of 5,052 individuals, including 15 Maine residents, though there was no evidence that the data was actually stolen or misused. NIRSA took nearly three months to notify affected individuals, issuing alerts on October 23, 2020. The breach raised concerns over the security of sensitive personal data, potentially including names, contact details, or other identifying information tied to members or participants in recreational sports programs. While the organization stated that no fraudulent activity was detected, the delay in disclosure and the scale of exposed records highlighted vulnerabilities in NIRSA’s cybersecurity measures. The incident did not result in financial losses, ransom demands, or operational disruptions, but it damaged trust among stakeholders and necessitated remediation efforts to prevent future intrusions.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/4a8809f0-9d06-4dcc-b441-bc608f0d2a46.shtml

TPRM report: https://www.rankiteo.com/company/nirsa

"id": "nir226090125",
"linkid": "nirsa",
"type": "Breach",
"date": "5/2020",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"

{'affected_entities': [{'customers_affected': '5,052 individuals (including 15 '
                                              'Maine residents)',
                        'industry': 'Sports/Recreation',
                        'name': 'National Intramural and Recreational Sports '
                                'Association (NIRSA)',
                        'type': 'Non-profit Organization'}],
 'customer_advisories': 'Notification sent to affected individuals on October '
                        '23, 2020',
 'data_breach': {'data_exfiltration': 'No indication data was acquired',
                 'number_of_records_exposed': '5,052',
                 'personally_identifiable_information': 'Yes',
                 'type_of_data_compromised': 'Personal information'},
 'date_detected': '2020-07-28',
 'description': 'The Maine Office of the Attorney General reported that the '
                'National Intramural and Recreational Sports Association '
                '(NIRSA) experienced a data breach involving unauthorized '
                'access to a database on July 28, 2020. The breach potentially '
                'affected the personal information of 5,052 individuals, '
                'including 15 Maine residents, with no indication that the '
                'data was actually acquired.',
 'impact': {'data_compromised': 'Personal information of 5,052 individuals '
                                '(including 15 Maine residents)',
            'identity_theft_risk': 'Potential (no indication data was '
                                   'acquired)',
            'systems_affected': ['Database']},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Affected individuals were notified on '
                                        'October 23, 2020'},
 'title': 'NIRSA Data Breach (2020)',
 'type': 'Data Breach'}