• World CyberCon India
Data Breaches Firewall Daily

Hive Ransomware Responsible for New York Racing Association Breach

After detecting the breach, the company immediately stopped connectivity to all impacted systems, and the relevant law enforcement authorities took over the case.

Hive Ransomware Responsible for New York Racing Association Breach
  • PublishedSeptember 22, 2022

Ransomware group Hive claimed responsibility for the cyberattack on horse racing track operator New York Racing Association that took place earlier this June. Following the attack, the hacker group obtained access to confidential data including the personal identifying information (PII) of the association’s employees and beneficiaries.

Twitter bot account @RansomwareNews posted the hacking collective’s claim on the microblogging and social networking platform. The tweet included the name of the group, the time, and the target of the attack.

What happened at NYRA

The New York Racing Association staff discovered the data breach on June 30. The Vice President of Communications at NYRA, Patrick McKenna, told intelligence company The Record that their staff found suspicious network activity that pointed towards the likeliness of a cyberattack.

After detecting the breach, the company immediately stopped connectivity to all impacted systems, and the relevant law enforcement and regulatory authorities took over the case. A cybersecurity team was also hired to investigate the attack.

The investigations went on for weeks, wherein a team of experts conducted a forensic analysis of the network and systems. This was also done to verify if any customer information was impacted.

As per the report, the hackers accessed files that contained the PII of a group of NYRA employees. PII usually contains sensitive information like social security number (SSN), address, email address, phone number, driver’s license, passport number, taxpayer identification number, bank account details, etc.

The company informed the impacted individuals of the data breach. However, they denied disclosing the specific number of people whose data was compromised in the breach.

The organization also offered Experian’s complimentary 24-month membership to help victims of the breach detect any suspicious activity, including identity theft.

Other systems are safe

Since the hacker accessed employee information alone, other data related to racing operations, customer wagering activity, NYRA Bets, or NYRA television were unaffected. “As a result, there was no interruption to NYRA’s core operations,” McKenna told The Record.

NYRA showed revenue of over $226 million in 2021 and had a staff base of nearly 800 employees. It operates the three largest racing tracks in the state of New York, the Saratoga Racecourse and Belmont Park.

Written By
Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes about cybersecurity-related news like data breaches, ransomware attacks, phishing attacks, etc. She also writes about ongoing cybersecurity-related developments and best practices. When not working, she likes self-reflecting, meditating, volunteering and going for long walks.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.