horse-racing

The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which previously disclosed that a cyber attack on June 30, 2022, impacted IT operations and website availability and compromised member data.

NYRA is the operator of the three largest thoroughbred horse racing tracks in New York, namely the Aqueduct Racetrack, the Belmont Park, and the Saratoga Race Course.

According to the security breach notifications sent to impacted individuals late last month and shared with the authorities last week, the threat actors may have exfiltrated the following member information:

  • Social security numbers (SSNs)
  • Driver's license identification numbers
  • Health records
  • Health insurance information

The data breach notifications also include details on how to enroll for a 24-month long identity protection service through Experian, the cost for which is covered by NYRA.

Additionally, the letter recipients should consider placing a credit freeze or ordering credit reports frequently and reviewing them carefully.

BleepingComputer has reached out to NYRA for more details on the incident, but we have not received a response yet.

From what seems to be the case, horse racing hasn't been impacted by the incident because there have been no changes in the calendar, and race betting continues as usual.

However, the association's website remains out of reach, which sends the message that the effects of the attack haven't been wholly mitigated yet.

NYRA's website still facing accessibility problems
NYRA's website still facing accessibility problems

Hive takes responsibility

Yesterday, the Hive ransomware gang took responsibility for the attack on NYRA by listing them as a victim on their extortion site.

Hive ransomware announcing NYRA on leak site
Hive ransomware listing NYRA on data leak site

The hackers have also published a link to freely download a ZIP archive containing all of the files they allegedly stole from NYRA's systems, so we can only assume that negotiations for a ransom payment have reached a dead end.

Hive is currently among the most active high-tier ransomware gangs, recently hitting Bell Canada and the Damart clothing store chain, while announcing several more victims that haven't publicly admitted a security incident.

Update 9/21/2022 - A NYRA spokesperson has shared the following comment with BleepingComputer:

On June 30, 2022, NYRA discovered suspicious network activity that had the markings of a potential cyber-attack. In response, NYRA immediately suspended the connectivity of all affected systems, notified the relevant law enforcement and regulatory authorities, and mobilized cyber-security professionals to investigate the nature and scope of the attack.

Over the ensuing weeks, NYRA and its team of experts performed detailed forensic analysis of the NYRA network and systems to determine the extent of the breach and exposure of customer information.

Fortunately, the damage done to the NYRA network was not connected to -day-to-day racing operations, customer wagering activity, NYRA Bets or NYRA television. As a result, there was no interruption to NYRA’s core operations.

There is currently no evidence to suggest that sensitive customer data or information was compromised by the data breach. However, NYRA discovered that those responsible for the attack gained access to files containing personally identifiable information of a group of NYRA employees and their beneficiaries.

NYRA has notified all individuals who may have been impacted as required under applicable state laws.

Related Articles:

UnitedHealth confirms it paid ransomware gang to stop data leak

Synlab Italia suspends operations following ransomware attack

Ransomware payments drop to record low of 28% in Q1 2024

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up