The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data.
NYRA is the operator of the three largest thoroughbred horse racing tracks in New York, namely the Aqueduct Racetrack, the Belmont Park, and the Saratoga Race Course.
According to the security breach notifications sent to impacted individuals late last month and shared with the authorities last week, the threat actors may have exfiltrated the following member information:
- Social security numbers (SSNs)
- Driver’s license identification numbers
- Health records
- Health insurance information
The data breach notifications also include details on how to enroll for a 24-month long identity protection service through Experian, the cost for which is covered by NYRA.
Additionally, the letter recipients should consider placing a credit freeze or ordering credit reports frequently and reviewing them carefully.