At least 1,135 football players and agents had their personal information exposed in a NFLPA database leak on Tuesday, according to Forbes.
The leak included email addresses, phone numbers, home addresses, and IP addresses of NFL players. Colin Kaepernick, who was criticized for kneeling during the national anthem last year, had his home address and cell phone number compromised in the leak.
The Kromtech Security Center said on Monday that “anybody with Internet connection could have accessed the database.” The Germany-based firm said that the incident was caused by cyber-criminals as part of a "ransomware attack."
The NFL Players Association issued a statement to confirm the leak.
"We have worked with cyber-security experts at Microsoft and our database consultant to determine the extent of the improper access. We are confident that it was limited to a two-hour period last week," the NFLPA wrote in its email to <i>Forbe</i>s. The message confirmed players' home addresses, mobile numbers, email addresses, colleges, dates of birth and agent fees were included in the exposed data.
"We want to emphasize that no information about you or your player's Social Security Number or finances was in the data. Also, we are directly informing all players involved," the association said. "In addition to our work with Microsoft, we are engaging an independent firm to do a full review of all of our cyber-security measures."
Not all current and former NFL players who used the NFLPA site were affected, according to Forbes.