Cyber Incident Victim: The National Association for Stock Car Auto Racing

TheNational Association for Stock Car Auto Racing, LLC, located at 1 Daytona Blvd in Daytona Beach, Florida, experienced an external system breach that was classified as a hacking incident. According to the breach notification submitted to the Maine Attorney General’s office, the unauthorized access occurred on March 31, 2025. The breach was not identified until June 24, 2025, when the organization discovered the compromise. The description provided in the filing characterizes the event as an external system breach resulting from hacking activity.

The filing indicates that one resident of Maine was affected by the breach, while the total number of individuals impacted across all jurisdictions was not disclosed in the notice. Notification to the affected Maine resident was carried out in written form and was sent on July 24, 2025, exactly one month after the breach was discovered. The notice was prepared and submitted by outside counsel Elise Elam, a partner at Baker & Hostetler LLP, who acted on behalf of the organization.

A copy of the written notice provided to the Maine resident is referenced in the filing as an attachment titled NASCAR_-_Maine_Attachment.pdf, which is available through the Maine Attorney General’s online portal. The submission to the state includes the organization’s contact information and confirms that the breach was reported in compliance with Maine’s data breach notification requirements. The timeline outlined in the document shows a lapse of approximately three months between the occurrence of the breach and its discovery, followed by an additional month before consumer notification was issued.