The Vect Ransomware and TeamPCP threat groups claim to have compromised Sportradar AG, a multinational sports data and technology company. According to a dark web forum post from a user acting as a broker for the groups, the breach was allegedly executed on March 25, 2026, via a supply chain attack exploiting Trivy. The threat actors claim to have exfiltrated highly sensitive corporate and client data, which is currently being offered for sale for up to $50,000 USD.
According to the actor, the allegedly compromised data includes over 28,829 records featuring:
-
Personally Identifiable Information (PII) for roughly 26,000 users
-
Profiles of 23,169 sports persons (including full names, dates of birth, nationalities, and genders)
-
Third-party credentials and access tokens linked to FIBA and Bet365
-
Contact details for 59 named business contacts, including direct email addresses and phone numbers
-
Approximately 2,700 unique email addresses
-
Eight production RDS database passwords with full endpoints
-
Auth0 OAuth client ID and secret pairs, as well as Kafka SASL credentials
-
Over 300 platform API keys, including Sports Media and TV Graphics keys
-
Extensive cloud infrastructure data and Terraform state files detailing AWS configurations (VPC IDs, RDS endpoints, Lambda function ARNs)
Daily Dark WebRead More
R1
T1
