Share this article on:
Following a 13 June ransomware attack, the hackers have posted more than 120 gigabytes of data to the dark web as VRC continues to investigate the scope of the incident.
The Medusa ransomware gang has published 128.1 gigabytes of data stolen from the Victoria Racing Club (VRC) following its hack of the organisation on 13 June.
According to a counter on the gang’s website, 1,068 people have apparently viewed the dark web post since it first went live.
The data is difficult to access, however, given the nature of both the dark web and Medusa’s leak site. The VRC is looking into the data dump but so far believes no membership data has been compromised.
“Victoria Racing Club (VRC) recently experienced a cyber incident where an unauthorised third party accessed our systems and downloaded data from one internal file server. As soon as we detected the incident, we immediately engaged leading experts to contain and investigate the incident,” Steve Rosich, Victoria Racing Club CEO, said in a statement shared with Cyber Daily.
“Based on investigations undertaken, VRC can confirm that member information is generally stored in a database held on a separate server not impacted by this incident. There is also no evidence that the unauthorised party attempted to interact with, view, modify or copy data from the server that hosts member data.”
Rosich said that the VRC is communicating with “employees, members and partners” about the incident and has offered support and advice on protecting personal data and staying aware of possible scams in the wake of the incident.
“We are urgently investigating the nature and extent of the impacted data to confirm whether it contains personal information that could pose a risk to employees, members or partners. We will communicate directly with our stakeholders if our investigation identifies evidence that their personal information has been affected, in line with our obligations,” Rosich said.
The VRC has reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
“We are operating as normal, and there has been no interruption to our operations, and we will continue to update our employees, members and partners with any information that is relevant to them,” Rosich said.
“The protection of our stakeholders’ information is our highest priority, and we apologise for any concern this incident has caused.”
The VRC originally reported it had fallen victim to a hack on 14 June, with Medusa posting its US$700,000 ransom demand soon after.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.