Members of one of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.
The prestigious private Wentworth golf and country club, whose members include high profile celebrities, sports stars, and top business people, has sent out an email offering its “profuse apologies” after its members’ list was accessed by cybercriminals.
However, according to The Telegraph<, the first club members knew of the problem, was when an unauthorised message appeared on the “Wentworth at Home” internet page claiming that “your personal files are encrypted!” and demanding a Bitcoin cryptocurrency payment for a decryption key.
As is increasingly common, the attackers did not just encrypted data on the private golf and country club’s network – but also stolen some of it in an attempt to increase their chances of a payout.
It is thought that the data stolen from Wentworth’s network includes:
- Names of members
- Members’ dates of birth
- Members’ home addresses
- Members’ email addresses
- Members’ phone numbers
- The last four digits of members’ bank account numbers, used for direct debit payments
In its warning to affected club members, Neil Coulson, Wentworth’s general manager, attempted to reassure members that their accounts were not at risk:
“I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.”
However, the exfiltrated information could potentially be exploited in cybercriminal campaigns to scam unwary members of the exclusive club, or even put them in physical danger.
Affected members would be wise to be alert to phishing emails and unexpected communications claiming to come from the club which may attempt tp extract further details, as well as take steps to ensure their personal safety if they would not want their home address to be public knowledge.
Vigilance, as ever, is paramount.
Wentworth Golf Club has informed the Information Commissioner’s Office (ICO) of the incident.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.