Thoroughbred horse racing track operator New York Racing Association had its employees' and beneficiaries' sensitive data compromised following a cyberattack in June, according to The Record, a news site by cybersecurity firm Recorded Future.
Suspicious activity has been detected in NYRA's network on June 30, prompting the organization to immediately suspend all impacted systems' connectivity, while informing law enforcement and seeking cybersecurity experts' assistance in investigating the incident. While the attack has exposed personally identifiable information from NYRA's employees and beneficiaries, it has not affected operations.
"There is currently no evidence to suggest that sensitive customer data or information was compromised by the data breach," said NYRA Vice President of Communications Patrick McKenna.
Responsibility for the attack has since been claimed by the Hive ransomware gang, which included the organization on its victim list on Monday. Since its emergence last June, Hive has become one of the most prolific ransomware operations, having launched over 150 attacks last month.
New York Racing Association employee data compromised in cyberattack
Thoroughbred horse racing track operator New York Racing Association had its employees' and beneficiaries' sensitive data compromised following a cyberattack in June, according to The Record, a news site by cybersecurity firm Recorded Future.
Attackers behind the scheme placed an ad on the LEGO website homepage that urged visitors to click a link that would "unlock secret rewards," which redirects to a third-party marketplace enabling purchases of the fraudulent LEGO token with Ethereum.
Threat actors who infiltrated the online store of 5.11 Tactical were able to exfiltrate information from individuals who shopped from July 12 to August 22, including their names and email addresses, as well as their payment card numbers, expiration dates, and security codes.
While the intrusion was initially detected on September 27, attackers were able to infiltrate MoneyGram's network between September 20 and September 22, enabling the theft of customers' names, birthdates, contact details, government identification document copies, bank account numbers, transaction details, and MoneyGram Plus Rewards numbers.