It was revealed last week that one of Melbourne’s first clubs – the historic Royal Brighton Yacht Club (RBYC) – fell victim to a ransomware attack by the Medusa gang.
According to Medusa’s darknet leak site, the gang stole over 94 gigabytes of data from the club, posting evidence including personal details of both members and employees, and internal documentation including financial information.
The RBYC advised Cyber Daily that the club was aware of the attack, with general manager Philip Hall commenting in a statement that Medusa ransomware had gained entry via a “compromised third-party (point-of-sale system) remote support tool”.
“Immediate steps were taken to contain the incident, and a cyber security partner was engaged to manage the response and remediation efforts. The ransomware was detected promptly, and actions were taken to isolate affected systems and restore services. Our top priority has been to ensure the security and privacy of our data and to minimise disruption to our operations,” the statement continued.
In his apology, Hall said the RBYC was fully cooperating with the Australian Cyber Security Centre, making the assurance the club was doing everything it could to address the breach.
From the evidence given on Medusa’s site, the stolen data includes names and contact details of members along with other club information such as membership fees.
Stolen data for the club’s employees includes superannuation information as well as other internal documents.
One leaked document contained login information for the club’s suppliers, including passwords in plain text.
Medusa’s deadline for payment of its $100,000 ransom is Wednesday (24 July).
Only two days after this attack on RBYC, the UK’s Liverpool Football Club received a similar setback after a cyber attack halted sales for its 2024-25 season tickets.
While no-one has yet claimed responsibility for the Liverpool Football Club attack, the bot-attack was reported to have been both sustained and sophisticated.
While the club initially advised the public that the ticketing failure was due to a serious technical issue, it later advised members of the attack, saying it was different from any it had experienced previously.
The club apologised for the incident.
“This is hugely disappointing and frustrating as we have made a number of significant improvements to our supplier’s ticketing system to try and prevent this type of cyber crime,” the club told Cyber Daily.
While the nature of the attack was not disclosed, media reports imply investigations are being carried out.
These incidents follow an attack on the Victoria Racing Club in June, and on Castle Hill RSL in March.