It seems that even the sport of kings isn't immune from ransomwareafter the New York Racing Association (NYRA) reported suffering an attack.
In a statement, the association said it discovered “suspicious network activity” in late June 2022 which had the markings of a potential cyberattack.
It moved quickly to disconnect all affected systems and notify cybersecurity experts and law enforcement. After a few weeks of investigations, NYRA found that the damage was limited, and that it was not connected to day-to-day racing operations. Customer wagering activity, NYRA Bets, as well as NYRA television, have all remained secure.
Customer data safe
“As a result, there was no interruption to NYRA’s core operations,” the association claimed.
It added there is currently no evidence of sensitive customer data being compromised, but some NYRA employees and their beneficiaries did have their sensitive data taken.
NYRA said it notified all affected individuals, and says threat actors might have obtained Social Security numbers, Driver’s license identification numbers, health records, and health insurance information, more than enough data to run an identity theft attack.
The notification also said that NYRA will be giving affected employees and their beneficiaries 24 months of identity protection services through Experian. Still, the victims should consider a credit freeze, or get frequent credit reports, to make sure they spot any suspicious activity, the association concluded.
Soon after news of the ransomware attack broke out, operators going by the name Hive took responsibility, and listed the data stolen in the attack on its data leak site. The site now hosts a ZIP archive, free to download, allegedly containing all of the files stolen from NYRA’s network, which should mean that the association declined paying any ransom demands in exchange for the data.
- These are the best malware removal tools right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.