Netherlands’ governing unit for cycling announced a data breach involving stolen data from its database, consisting of members’ personal and contact details.
The agency urged its members to update all existing passwords following a ransom demand it received on Nov. 27. According to the Koninjlijke Nederlandsche Wielren Unie (KNWU), malicious hackers stole the entire content of its legacy database and is asking for an undisclosed amount.
Hackers claimed they won’t return the data if the governing body doesn’t pay up the ransom. However, KNWU is firm and said they won’t be attending to the demands of the cybercriminals as they have data backups.
Additionally, the cycling union also said they are unsure whether hackers can abuse the data stolen, and money wouldn’t be a safety net to prevent bad things from escalating. The database affected was a previous incarnation of the MijnKNWU platform, which contains members’ access to the benefits.
The agency said this particular platform was kept private since January, following its migration to a new system. Meanwhile, the union said no consequences are visible in line with its operations and MijnKNWU environment.
People can still renew their memberships and submit applications, while the investigation is still ongoing. The breach doesn’t impact the security protocols, in fact, the Netherlands Cycling Union is taking steps to improve its security.
In the meantime, members are urged not only to update login credentials but also to avoid clicking on any email links and filling out applications on email. These phishing strategies allow hackers to get a hold of the personal information and login credentials of members.
Any associated phone or email must be authenticated, even when the email claims members need to come to the KNWU for membership renewal. The association said members can validate the authenticity of the invoices and payment requests received.
The KNWU also alerted the police and the Dutch Data Protection Authority to investigate the matter at hand. They are working closely with the authorities and announced the incident on their website for awareness.
Information stolen by hackers includes the full names of members, home addresses, contact numbers, and benefits associated with several accounts. While the union doesn’t have an exact number of members involved, it’s taking extra steps to get more information.
KNWU organizes cycling events and competitions in the Netherlands, providing a roster of benefits, discounts, cycling insurance, and others.