>
It seems that even the sport of kings is not immune to ransomware (opens in new tab)after the New York Racing Association (NYRA) reported they had a seizure.
In a statement, the association said it discovered “suspicious network activity” in late June 2022 that had the markings of a possible cyber attack.
It quickly sprang into action to disconnect all affected systems and notify cybersecurity experts and law enforcement. After a few weeks of investigation, NYRA found that the damage was limited and unrelated to day-to-day racing activities. Customer betting activities, NYRA Bets and NYRA television have all remained safe.
Customer data safe
“As a result, there was no disruption to NYRA’s core business,” the association claimed.
It added that there is currently no evidence that sensitive customer data has been compromised, but some NYRA employees and their beneficiaries have had their sensitive data stolen.
NYRA said it has notified all affected individuals and says threat actors may have obtained Social Security numbers, driver’s license identification numbers, medical records and health insurance information, more than enough data to carry out an identity theft attack.
The notification also stated that NYRA will provide the affected employees and their beneficiaries with 24 months of identity protection services through Experian. Still, victims should consider a credit freeze, or get regular credit reports, to make sure they spot suspicious activity, the association concluded.
Shortly after news of the ransomware attack broke, operators under the name Hive took responsibility and listed the data stolen in the attack on their data breach site. The site now houses a ZIP archive, free to download, that allegedly contains all of the files stolen from NYRA’s network, which should mean that the association refused to pay ransom in exchange for the data.
Through: BleepingComputer (opens in new tab)