World Rugby has had to suspend one of their websites after it was made a target of cyber-attack that revealed which hackers had obtained personal data from thousands of subscribers to one of their databases, as revealed by The Sunday telegraph.
It is presumed that the cyber criminals were able to acquire first name, email address as well as encrypted passwords of thousands of users which include the players, coaches and parents from all around the world after the security breach on 3rd May.
However, it is still not clear if this cyber-breach was a random attack to steal data or was World Rugby targeted by one of the cyber spying groups that had formerly leaked private information from websites of other sporting bodies such as WADA and the IAAF.
The website targeted by hackers was World Rugby’s training and education website but World Rugby’s main website which contained Rugby World Cup ticketing and fan data along with sensitive information regarding player’s disciplinary hearings.
World Rugby immediately took action and suspended the affected sites, denying access to databases when it detected this security breach and they even brought in data and technology experts to probe in this matter and the scope of this attack. These security experts will help prevent a similar attack in the future.
Since yesterday, the training and education portals remain closed. The subscribers were sent an email to warn them about this breach and were advised to change their passwords.
Sean Burnard, one of the subscribers who received the email said, “At first my concern was that it was a spoof email but then it was confirmed that there had been a security breach. My biggest concern now is that I cannot access the website to change my password. There is no information of value on there but I am concerned that someone has access to my personal information.”
A World Rugby spokesman claims that they are working with relevant regulators and said, “World Rugby takes the protection of data extremely seriously and acted immediately to determine the nature and scope of the issue, investigate how this incident occurred and to take steps to prevent a repeat situation.
As a precaution, World Rugby suspended access to the affected sites to run full diagnostics with area experts and the breach cause has been identified, isolated and remedied.”