horse racing
Image: Philippe Oursel via Unsplash

Cyberattack on New York Racing Association leaked personal info of employees

The New York Racing Association (NYRA) said a cyberattack in June led to the leak of sensitive information from employees and their beneficiaries.

The NYRA operates the three largest thoroughbred horse racing tracks in the state – including Belmont Park and the Saratoga Race Course – and helps generate about $3 billion in economic impact for New York state.

The organization had a revenue of more than $226 million last year and has nearly 800 employees.

NYRA Vice President of Communications Patrick McKenna told The Record that on June 30, their staff discovered “suspicious network activity that had the markings of a potential cyberattack.”

“In response, NYRA immediately suspended the connectivity of all affected systems, notified the relevant law enforcement and regulatory authorities, and mobilized cyber-security professionals to investigate the nature and scope of the attack,” McKenna said.

“Over the ensuing weeks, NYRA and its team of experts performed detailed forensic analysis of the NYRA network and systems to determine the extent of the breach and exposure of customer information.” 

The hackers gained access to files containing personally identifiable information of a group of NYRA employees and their beneficiaries.

McKenna declined to comment on how many employees were affected but he did say that the organization has already contacted anyone who may have been impacted by the incident.

He said that while the attack affected employee information, the damage done to the NYRA network “was not connected to day-to-day racing operations, customer wagering activity, NYRA Bets or NYRA television.” 

“As a result, there was no interruption to NYRA’s core operations,” he said. “There is currently no evidence to suggest that sensitive customer data or information was compromised by the data breach.”

On Monday, the Hive ransomware group added the organization to its list of victims. 

Hive first appeared in June 2021 and has become one of the most active groups today, registering more than 150 attacks in August. The group has been implicated in attacks on critical infrastructure, healthcare organizations and more.

In August 2021 and January 2022, the FBI and Spain’s incident response agency released reports detailing the ransomware group’s operations after seeing spikes in activity from the gang. 

Just last week, the group publicized an attack on a subsidiary of multibillion-dollar telecommunications giant Bell Canada. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.