HIVE Ransomware Claims Responsibility for NYRA Attack
Personal Data of Members Were Compromised as a Result.
The New York Racing Association disclosed that, on June 30th, a cyberattack impacted IT operations and website availability, and compromised member data. NYRA operates the three largest thoroughbred horse racing tracks in New York, namely the Aqueduct Racetrack, Belmont Park, and the Saratoga Race Course.
The Hive ransomware group, which was recently responsible for a cyberattack that hit Bell Canada, listed NYRA yesterday as a victim on their extortion site. Together with the post, the hackers also published a free-to-download ZIP archive containing all the files stolen from NYRA’s systems.
[Image: Hive listing NYRA on their data leak site]
What Information Was Stolen?
NYRA sent a notification to the impacted individuals late last month, informing them about the breach. Hive was able to exfiltrate the personal information of members including:
- Social Security Numbers (SSNs)
- Driver’s license identification numbers
- Health records
- Health insurance information
Local authorities were informed of the incidents and are helping NYRA with the investigations. Impacted individuals were advised to place a Security Freeze on their credit cards, as well as to verify their credit reports for inquiries that they did not initiate and report them to the designated credit reporting agency.
No changes in the racing schedules were made, indicating that the incident did not impact the competitions. Currently, the association’s website remains unavailable, as they are still working on mitigating the effects of the attack.
BleepingComputer reached out to the association to find out more details regarding the incident. A spokesperson of NYRA had the following to say about the incident:
Fortunately, the damage done to the NYRA network was not connected to day-to-day racing operations, customer wagering activity, NYRA Bets, or NYRA television. As a result, there was no interruption to NYRA’s core operations.
In response to the attack, NYRA declared that it immediately suspended the connectivity of all the affected systems and mobilized cybersecurity professionals to investigate the nature and scope of the attack. The association and its teams of experts performed a detailed forensic analysis of its network and systems to determine the extent of the breach and what information the hackers were able to access.
There is currently no evidence to suggest that sensitive customer data or information was compromised by the data breach. However, NYRA discovered that those responsible for the attack gained access to files containing personally identifiable information of a group of NYRA employees and their beneficiaries.
As required under applicable state laws, all individuals affected by the attack were notified by NYRA.