Cyber Incident Victim: Norfolk Admirals
Date: Mar 2016
Location: United States of America
Summary
A hacker using the alias @Gift2Death exposed customer data from the Norfolk Admirals' website, posting names, email addresses, physical addresses, and credit card types (though no financial account numbers) online. After duplicates and spam were removed from an initial list of over 4,000 entries, the breach was found to have impacted approximately 250 customers; one affected individual discovered that her young son’s personal information had been compromised through a kids' club registration. The attacker claimed to have warned the organization about security vulnerabilities prior to the incident, a warning team leadership denied receiving. The Admirals engaged an external security firm, implemented additional protective measures, and considered notifying law enforcement. The exposure occurred alongside unrelated local breaches, amplifying concerns about data protection among affected individuals.
Description
On or around March 30, 2016, a hacker using the alias @Gift2Death publicly posted a data dump containing personal information of Norfolk Admirals customers obtained through a breach of the hockey team’s systems. The exposed data included approximately 4,476 email accounts alongside associated names, physical addresses, and types of credit cards used for transactions, though no actual credit card numbers or financial account details were compromised. The Admirals’ vice president, Joe Gregory, stated the organization did not store sensitive financial data. An external cybersecurity firm hired by the team reviewed the leaked dataset, removing duplicate entries and spam email addresses, which reduced the estimated number of uniquely affected individuals to approximately 250 customers. The breach was initially detected when at least one customer, identified only as Monica, received an alert from the third-party service "Have I Been Pwned?" notifying her that her email address appeared in the public dump. Monica confirmed her 5-year-old son’s name and address were included because she had registered him for the Admirals Kids Club two seasons prior.

The hacker claimed responsibility via a Twitter post featuring a cartoon devil and a purported password for the team’s Twitter account, though there was no evidence the account was compromised. @Gift2Death asserted the breach was retaliation for the Admirals ignoring prior emailed warnings about vulnerabilities in their online security, a claim Gregory denied having knowledge of. The team initiated contact with their cybersecurity firm to assess whether law enforcement notification was required and implemented additional security measures to prevent future incidents. Monica expressed concern over the exposure of her child’s personal information, stating it diminished her trust in providing accurate details for future registrations. The breach occurred shortly after a separate, larger-scale phishing incident at Tidewater Community College, though no direct connection between the two events was established in available reporting. Gregory emphasized the team took customer threats seriously and reiterated that no financial harm could occur due to their data storage practices.
