Event Secretary, a small Australian company that serves as a platform for major horse riding organizations, has suffered a cyber attack resulting in the theft and leak of personal data belonging to 10,000 individuals.
The criminals claim to have accessed names, email addresses, residential addresses, phone numbers, and bank details of the victims.
After their ransom demands went unmet, the hackers published the stolen data online nearly a year after the initial breach. This incident is part of a growing trend of cyber attacks on Australian businesses, including PwC, HWL Ebsworth, Latitude, Medibank, and Optus, highlighting the urgent need for stronger cybersecurity measures.
Event Secretary, known for managing various equestrian events, including those related to Olympic qualifications, had become a vital platform for riders and administrators. The breach exposed sensitive information, leading to concerns about potential identity theft and fraud.
The company claims to have followed government procedures, promptly notifying those affected by the breach. The hack was traced back to an API breach and was reportedly resolved within 48 hours. However, the criminals attempted to extort money from Event Secretary before resorting to publishing the data on the dark web.
The impact of the cyber attack extended beyond Event Secretary, affecting major organizations in the equestrian industry. Equestrian Victoria confirmed that 500 riders had their data leaked from the breach but emphasized that the incident was related to a third-party entry platform and not their internal data.
While no Olympic athletes were reported as victims, the breach highlights the vulnerability of interconnected systems and the importance of securing third-party platforms.
The event serves as a reminder of the increasing sophistication and frequency of cyber attacks targeting Australian businesses, necessitating greater investment in cybersecurity measures to protect sensitive personal information.