The American Radio Relay League (ARRL), the national body for amateur radio in the United States, has provided additional information concerning the May 2024 cyber incident. The ARRL cyberattack pulled its Logbook of the World (LoTW) down, leaving many members upset with the organization’s perceived lack of information.
According to the latest update from ARRL, on or around May 12, 2024, the company experienced a network attack by a malicious international cyber group. Upon discovering the ARRL cyberattack, the organization immediately involved the FBI and joined third-party experts to assist with the investigation and remediation efforts.
The FBI categorized the ARRL cyberattack as “unique,” due to its nature, compromising network devices, servers, cloud-based systems, and PCs.
ARRL’s management quickly set up an incident response team to contain the damage, restore servers, and test applications to ensure proper operation.
In a statement, ARRL emphasized its commitment to resolving the issue: “Thank you for your patience and understanding as our staff continue to work through this with an outstanding team of experts to restore full functionality to our systems and services. We will continue to update members as advised and to the extent we are able.”
ARRL Cyberattack: Lack of Information
Despite ARRL’s efforts, many members felt that the company was not forthcoming enough with information. A Facebook user posted a lengthy note criticizing ARRL’s communication strategy.
The Facebook user post read, “We still don’t know what they haven’t told us and maybe it is important, maybe not. The point is very clear that the communication to the membership about the incident is very unprofessional and limited in its scope. Nobody needed critical details, they needed to be treated like they are members of an organization, not subjects to the king.”
The Facebook user pointed out several gaps in ARRL cyberattack updates, such as the absence of information about the phone systems being down and the lack of a communication path for interim assistance.
Timeline of ARRL Cyberattack Updates and Service Restoration
May 17, 2024: ARRL assured members that their personal information, such as credit card numbers and social security numbers, was not stored on their systems. The organization only holds publicly available information like names, addresses, and call signs. However, there was still no mention of the phone systems being down or alternative communication paths for assistance.
May 22, 2024: ARRL provided an update stating that the LoTW data was secure and not affected by the server issue. They also mentioned the upcoming July issue of QST magazine, which would be delayed for print subscribers but on time digitally. Yet again, there was no mention of the phone systems or email service disruptions.
May 29, 2024: The ARRL Volunteer Examiner Coordinator resumed processing Amateur Radio License applications with the FCC. Voice bulletins at W1AW, the Hiram Percy Maxim Memorial Station, also resumed. ARRL’s store orders resumed shipping, and the e-newsletter services were back online. Finally, the organization acknowledged the phone system outage.
May 31, 2024: ARRL announced that their phone system was back in service, and provided contact information for members. They also shared details about upcoming contests and magazine issues, including limited functionality of the Contest Portal. Members were reminded that they could renew their memberships online or by phone.
Ongoing Communication Issues
Despite these updates on ARRL cyberattack, members continued to express dissatisfaction with ARRL’s handling of the situation. The Facebook post that critiqued ARRL’s communication was particularly poignant, summarizing the frustration felt by many.
While ARRL has taken significant steps to address the data breach and reassure its members, there is a clear need for more consistent and detailed communication moving forward.
