The NFL Draft called an unexpected audible last week; one that didn’t involve a playbook but a privacy breach. A prank caller impersonating an NFL general manager during the draft spotlighted two pressing cybersecurity issues: the protection of confidential data and the risks tied to remote work. SentinelOne notes that the remote workforce has grown fivefold since 2019, increasing vulnerabilities and exposure to cyber threats. A study from the Stanford Institute notes that 42% of workers now operate remotely at least once a week, significantly raising the threat surface for data breaches. “The sharp increase in working remotely raises critical concerns related to data security,” notes SentinelOne.

Incident Details: Access to Confidential NFL Data
During the draft, Jax Ulbrich, son of Atlanta Falcons defensive coordinator Jeff Ulbrich, accessed sensitive information on an unattended iPad. He used contact data to prank call quarterback Shedeur Sanders and impersonated an NFL general manager. The prank breached NFL confidentiality standards.
NFL Responds With Fines and Protocol Reviews
The NFL responded swiftly. On April 30, it fined the Falcons $250,000 and Jeff Ulbrich $100,000. Both Ulbrichs publicly apologized. The league also announced that it is reviewing protocols to prevent future incidents. The Falcons also pledged full cooperation.
Legal Insight From Paul Hastings LLP
The law firm Paul Hastings LLP analyzed the situation and pointed out key failures in remote work protocols. Putting it bluntly, “This should be a wake-up call for other organizations.”
Key recommendations include:
- Training staff on device usage and data security.
- Restricting family access to work devices.
- Conducting risk assessments on personal hardware.
- Using multifactor authentication and automated logouts.
- Reviewing confidentiality obligations with employees.
A Broader Wake-Up Call for Businesses
The NFL draft prank might be cast off as a tabloid amusement. But it offers a more cautionary and lasting tale. Organizations must reassess their remote security frameworks, particularly in sectors where confidential data flows freely outside office walls. The prank call incident is a clear reminder that once exposed, sensitive data can cause regulatory, reputational, and legal damage – even from a home device.
Other News: CISA Releases Draft Update to Cyber Incident Response Plan for Public Review(Opens in a new browser tab)