What happened in the Victorian Racing Club (VRC) cyber incident?

The Victorian Racing Club (VRC) suffered a significant cyber incident, confirmed on June 14 by Chief Executive Officer Steve Rosich. The Medusa ransomware gang claimed responsibility for the attack and posted 128.1 gigabytes of VRC data to its darknet leak site.

Who is responsible for the VRC cyber incident?

The Medusa ransomware gang claimed responsibility for the VRC cyber incident.

What type of data was exposed in the VRC cyber incident?

The exposed data includes financial details of gaming machines, prizes won by VRC members, customer invoices, marketing details, names, email addresses, and mobile phone numbers. The data also includes information about gaming machines administered by Aristocrat Games and operated at Headquarters Tavern, Flemington Race Course.

What steps has VRC taken in response to the cyber incident?

VRC has hired leading experts to assist with the response and investigation. The Australian Cyber Security Centre has been informed, and the club is investigating to determine whether there has been unauthorized access to their data.

Has VRC disclosed the number of affected individuals?

No, VRC has not disclosed the number of affected individuals.

Are there any notable details about the exposed data?

Yes, the exposed data includes information related to deceased racing identity Bart Cummings and data as recent as 2023. Additionally, at least one email address belongs to an employee of SA Health, South Australia’s health department.

Incident

Victorian Racing Club hit by Medusa ransomware gang, over 100GB of data exposed

published: June 15, 2024

Learn More

The Victorian Racing Club (VRC) has suffered a significant cyber incident, confirmed on June 14 by Chief Executive Officer Steve Rosich.

The Victorian Racing Club (VRC) is a horse racing organization based in Melbourne, Victoria, Australia. Founded in 1864, the VRC is best known for hosting the Melbourne Cup, a major event in the Australian racing calendar.

The Medusa ransomware gang has claimed responsibility for the attack and posted 128.1 gigabytes of VRC data to its darknet leak site. The hackers demanded US$700,000 for deletion of the data, the same amount for anyone else to buy the data and US$10,000 for a one-day extension of the deadline.

VRC has hired leading experts to assist with the response and investigation and yhe Australian Cyber Security Centre has been informed. The club is investigating to determine whether there has been unauthorized access to their data.

Data Exposed:

Financial details of gaming machines
Prizes won by VRC members
Customer invoices
Marketing details
Names
Email addresses
Mobile phone numbers

No details are disclosed about the number of affected individuals.

The stolen data includes information about gaming machines administered by Aristocrat Games and operated at Headquarters Tavern, Flemington Race Course. At least one email address belongs to an employee of SA Health, South Australia’s health department. Historical data includes information related to deceased racing identity Bart Cummings. Some data appears to date as recently as 2023.

Victorian Racing Club hit by Medusa ransomware gang, over 100GB of data exposed

Read More
Rumpke Waste and Recycling hit by ransomware attack
Ventia - Critical Infrastructure Service Provider Shuts Down …
Legal Practice Board of Western Australia hit by …
Group 1001 Subsidiaries report Data Breach after Ransomware …
University of Hawaii Community College targeted by ransomware