Australian equestrian organizations impacted by third party hack

Several Australian horse riding organizations have been affected by a cyber attack that exposed the sensitive information of approximately 10,000 individuals. The initial data breach occurred in September 2022, but is now publicized after the ransom wasn't paid and the data was posted on the dark web.

The attack specifically targeted a company called Event Secretary, which served as a platform for major Australian equestrian organizations to facilitate bookings and entries into equestrian competitionsThe personal information of riders and administrative users has been compromised. Event Secretary was involved in managing multiple events, including an internationally significant competition used for Olympic qualifications.

The cyber criminals claim to have acquired the following data of approximately 10,000 Australians, including jockeys:

• names,
• email addresses,
• residential addresses,
• phone numbers
• bank details, including BSB and account numbers.

After their ransom demands were not met, the hackers posted the stolen data online.

Event Secretary reported that the breach was the result of an API (Application Programming Interface) breach, which was resolved within 48 hours.

The hackers initially attempted to extort money by falsely notifying individuals that they had won a monthly equestrian prize. When their demands were ignored, they threatened to publish the data on the dark web.

Event Secretary did not respond to this blackmail attempt, and there has been no further communication with the hackers since November of the same year. The company promptly followed the necessary procedures and notified the affected individuals within 24 hours of the breach, in accordance with government protocols.

It has been revealed that two major equestrian organizations in Australia, the Horse Riding Clubs Association of Victoria (HRCAV) and Equestrian Victoria, were affected by this security breach. Equestrian Victoria disclosed that data from approximately 500 riders was leaked during the cyber attack, emphasizing that the breach originated from a third-party entry platform and did not involve the data of Equestrian Australia or Equestrian Victoria members. The affected riders were promptly notified at the time, and Equestrian Victoria assures its members that necessary measures have been taken to protect their privacy. They also confirmed that no Olympic athletes were among the impacted individuals. The HRCAV did not provide any comments in response to the incident.