Catapult not under investigation by NCAA or law enforcement
“Over the past few days, there were false reports that Catapult is under investigation by the NCAA and law enforcement regarding our ThunderCloud video system,” the email said. “While we assisted a local law enforcement authority investigating an alleged unauthorized access into a customer's ThunderCloud system, this was not an investigation of Catapult. In conjunction with this investigation, Catapult proactively conducted a thorough security review of our ThunderCloud system and found no data breaches or unauthorized access to any customer's content. We are not under investigation by the NCAA or any law enforcement agency.”
https://www.si.com/college/2023/12/31/catapult-not-under-ncaa-investigation-video-footage-rose-bowl
December 31st, 2023 at 2:38 PM ^
Uh-huh.
December 31st, 2023 at 5:01 PM ^
Uhhh... neither are we.
December 31st, 2023 at 2:39 PM ^
Nothing to see here, folks
December 31st, 2023 at 5:37 PM ^
Leslie Nielsen comes to mind when I see this line
December 31st, 2023 at 5:55 PM ^
Is this sarcasm? Because I mean, the NCAA doesn’t even like investigating sports programs getting busted by the FBI and the story is they’re investigating a company? Never mind on what authority; did anyone here seriously believe they’d bother??
They might be in legal trouble for all I know or care, but the only way the NCAA investigates Catapult is if OSU reports Harbaugh has been launching cheeseburgers with one.
December 31st, 2023 at 7:26 PM ^
Pretty sure it was sarcasm, dc.
January 1st, 2024 at 1:01 AM ^
Yes, it was sarcasm
December 31st, 2023 at 2:39 PM ^
Oh, well that explains it then
December 31st, 2023 at 6:51 PM ^
Ryan Day’s PI cleared it.
December 31st, 2023 at 2:41 PM ^
That's radically different from what they were saying 2 days ago, according to ABC News:
Catapult ... said on Friday that the NCAA is conducting an investigation into an allegation that an unnamed college football program gained unauthorized access to its materials.
December 31st, 2023 at 2:54 PM ^
I’ll put this here since it doesn’t seem to be clear
Catapult was never under investigation.
Catapult is assisting with an investigation of a school or person(s).
Catapult hasn’t found a breach.
It appears to be still assisting in the investigation.
Nothing has changed and there is nothing new here.
All Catapult is doing is making it clear that the company itself was never the target of an investigation
December 31st, 2023 at 3:09 PM ^
Yeah, they're saying they aren't being investigated for facilitating the violation or their own system being compromised externally, but there is still an investigation into someone illegally using their access to view material for other schools. I do think we might find their "our systems haven't been compromised" might be a bit of semantics if the illegal access was from an authenticated user doing something they aren't authorized to do so.
December 31st, 2023 at 3:38 PM ^
There are at least two likely outcomes.
1. If there was a breach, Ohio got access to another team’s credentials. This seems consistent with your point. But Catapult didn’t do anything wrong here
2. There wasn’t a breach
December 31st, 2023 at 6:38 PM ^
Agreed. There is a (semantics) difference between being hacked and having a breach. A breach can be internal.
December 31st, 2023 at 3:23 PM ^
Catapult has to bury any talk of impropriety or they will lose customers and go out of business.
December 31st, 2023 at 3:32 PM ^
They're the ones who said there are ongoing investigations. No one else has said that. They helped dump gasoline on this fire.
December 31st, 2023 at 4:42 PM ^
I don’t think catapult was ever under investigation. They are investigating if a school tried to access others schools information through catapult. Two different things
December 31st, 2023 at 5:17 PM ^
Or it means that a particular team (probably somewhere directly south of Ann Arbor) is under investigation, not that Catapult itself is under investigation. Both things can be true.
December 31st, 2023 at 2:51 PM ^
Do they really think that 2 major colleges just on a rumor decided to not use it? This story is nowhere near over
December 31st, 2023 at 2:52 PM ^
EDIT: Had to update because I misstated something before.
Catapult gave statements to different media saying they were cooperating with investigations. The media reported these statements.
Everyone assumed that meant "Catapult is being investigated," yet you will notice that the media never said that exactly.
Now Catapult realizes how dumb their initial statements were and had to send an email to attempt to clarify that THEY are not being investigated but the data breach is.
In any event, it is false for them to say there were false reports. All reports were merely parroting their own statements. Unless they're talking about MGoBoard posts.
December 31st, 2023 at 2:56 PM ^
December 31st, 2023 at 2:59 PM ^
Yeah, I get that now. I thought they were saying that their provider was being investigated but no, they're not saying who is being investigated, so presumably it's just the data breach in general...whoever the perpetrators are.
December 31st, 2023 at 2:53 PM ^
Yeah and Nick Saban wasn't leaving the Dolphins.
December 31st, 2023 at 2:54 PM ^
This is no way precludes from LOL at OSU.
December 31st, 2023 at 2:58 PM ^
This is just lawyer-speak saying the company itself is not under investigation for wrongdoing. Doesn’t mean there isn’t an investigation of someone else for doing something prohibited involving their platform.
December 31st, 2023 at 3:02 PM ^
Exactly. Catapult themselves didn't do anything wrong. Now someone IN catapult may have acted on their own merits and done something wrong.
December 31st, 2023 at 3:25 PM ^
And frankly, what are the odds that a potentially internal data leak wouldnt have been enabled by some aspect of their system or infrastructure configurations, or even hiring/vetting/HR practices? If an investigation is going on wrt their system, the distinction of the entity itself not being investigated is not all that meaningful to the public
December 31st, 2023 at 3:37 PM ^
To the public no, to the entity itself yes.
"For the last time, would you PLEASE talk to us before you release any statements to the press?" --Catapult corporate counsel
December 31st, 2023 at 2:58 PM ^
So Michigan wasn't allowing its players to look at film outside of its facility, on the (Thunder?)cloud because....?
December 31st, 2023 at 3:02 PM ^
The SI headline is misleading. This is a statement by Catapult themselves to their customers and the statement also admits that they were involved in an investigation but just not being investigated themselves. A lot of OSU fans are acting like this nullified Wetzel’s article but it does not
December 31st, 2023 at 3:09 PM ^
If true, then the NCAA should come out and say as much, too.
December 31st, 2023 at 3:10 PM ^
We need to hire a private investigation firm to get any sort of results... Until that happens, dont expect much.
December 31st, 2023 at 3:24 PM ^
Who says there hasn't been someone hired?
December 31st, 2023 at 9:18 PM ^
We have Warde. He's very thorough and proactive interns of protecting the university and all its employees.
December 31st, 2023 at 3:15 PM ^
I think Enron’s leadership made similar statements once upon a time.
December 31st, 2023 at 3:29 PM ^
Catapult needs a better PR department.
First of all, they're only dealing with this shit because Alabama put it in the spotlight. When we shut down our tablets in November we didn't announce it at a press conference. We only had to talk about it now because Alabama players (and the media) falsely accused Matt Weiss/Harbaugh/Stalions of the security breach.
But there it is, Alabama letting the world know that Catapult has security issues. So they rushed to put out statements to say they did their own internal investigation and found no wrongdoing. They should have stopped at that.
But, for some reason, they added that a mysterious local authority AND the NCAA were conducting investigations. That was so unnecessary.
December 31st, 2023 at 3:47 PM ^
Thanks, that clarified something for me. They've never actually said that their internal investigation "found no wrongdoing." What they've said more than once now is that there was no "security breach" or "unauthorized access" to their cloud server.
So they weren't hacked. Whoever accessed the data had authority to do so; access to that data by unauthorized parties happened away from their cloud server or was done in a way that it appeared to investigators to be authorized.
That's basically consistent with the allegations of an inside job.
(And of course I agree that anything beyond "we've investigated and found no [whatever they can honestly say they didn't find] was a mistake.)
December 31st, 2023 at 4:05 PM ^
Appreciate your correction.
December 31st, 2023 at 5:33 PM ^
It’s going to be very interesting watching them walk the balance beam explaining how there was a) “no unauthorized access” yet b) information or data has been released in an unauthorized or potentially illegal way and also c) the user base of football programs can be confident it’s safe to continue using the system.
December 31st, 2023 at 3:48 PM ^
nonetheless, I wonder if Catapult's business will take a hit.
December 31st, 2023 at 4:33 PM ^
I'm wondering if word has spread and started to affect their other lines of business. Is anyone in the Bayern Munich front office paying attention to this? Celtics or Warriors? Real Madrid? They've got some very big clients and not just here in the US and not just American football.
December 31st, 2023 at 4:03 PM ^
It is not a hack if employees that were formally at one school give the information to another. You could call it something else. Convenient.
December 31st, 2023 at 4:07 PM ^
Fox declares the henhouse secure.
December 31st, 2023 at 4:10 PM ^
Didn’t they acknowledge that they were?
edit: this is already clarified above.
December 31st, 2023 at 4:55 PM ^
This is a few hours old now and still only SI is reporting it. That’s unusual.