Roger Hacker, the 49ers’ vice president for corporate communications, declined to comment when CNN asked whether ransomware was involved in the incident.
The incident appeared to be “limited to our corporate IT network” and did not affect computer systems involved in the team’s stadium operations or systems related to ticket holders, the 49ers said in a statement to CNN.
“Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident,” the statement reads.
The 49ers hired cybersecurity firms to recover from the incident and notified law enforcement officials, the franchise said.
“As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible,” the 49ers said.
Hackers behind a type of ransomware known as BlackByte listed the 49ers on their website of alleged victims, a tactic that cybercriminals often use to pressure organizations into paying a ransom.
The FBI and Secret Service told US companies in a February 11 advisory to be on the lookout for BlackByte ransomware, which the agencies said had been used to compromise US organizations in the government facilities, financial, and food and agriculture sectors.
The Biden administration has sought to aggressively crack down on the system that allows ransomware to flourish — from helping arrest alleged ransomware operatives in Europe to sanctioning cryptocurrency exchanges that facilitate ransom payments.
But while some ransomware groups have cut back on attacks, others have continued to try to extort US businesses. Cybercriminals received more than $1.2 billion in ransom payments in 2020 and 2021 combined, according to cryptocurrency-tracking firm Chainalysis.
CNN’s Emma Tucker contributed to this report.