Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hackers claim to have compromised the personal & financial information of club members and employees.
The Qilin ransomware-as-a-service operation has listed the Wyong Rugby League Club as a victim on its darknet leak site.
The club was listed by the hackers on August 17, and while the hackers have not listed the volume of data allegedly compromised, they have alluded to thousands of lines of personal information being at risk.
“Wyong Rugby League Club, Australia, is a network of 12 organisations, each offering entertainment, recreational and dining opportunities and promoting membership of their club. It is the membership card that opens up a full range of entertainment for its holder. And these cards have become the company's weakest point,” Qilin said in its leak post.
“The company promised its customers that all this information would be completely confidential and would never be made public. And now this data, several thousand lines, has become available to everyone”
Qilin claims to have home addresses, phone numbers, and bank account details of the club’s members, as well as employee and financial data.
“In the published data of the company's intranet you can also find all financial documents, the cost of maintenance of entertainment centres, salaries of employees (and their personal data), as well as profits,” Qilin said.
In addition to these claims, Qilin has published several documents exfiltrated during the attack. This includes a pair of Employee Information forms that list tax file numbers and superannuation details, as well as personal information and next of kin details. Another document appears to be a list of club members alongside their addresses, phone numbers, and email addresses, while several documents regarding banking transactions of one of the clubs that operates under the Wyong Rugby League Club umbrella.
Cyber Daily contacted Wyong Rugby League Club regarding the threat actor’s claims, but has not received a response at this time.
Aside from the Wyong Rugby League Club itself, there are 11 other clubs operating under the Wyong Leagues Group, including the Wallarah Bay Recreation Club, Safety Beach Golf Club, and the Cootamundra Golf & Sports Club. The club also supports a number of charities and local sporting teams.
As of the Wyong Rugby League Club’s 2024 annual report, the club has more than 70,000 members on its books.
The Qilin ransomware-as-a-service operation was first observed in August 2022 and has claimed 698 victims since, making it one of the most active ransomware groups currently active. As a ransomware-as-a-service operation, Qilin hires out its ransomware to affiliates in return for a cut of any ransom payment.
Qilin’s most recent Australian victim was Belmont Christian College, which was listed by the group on August 7.
The European Union’s law enforcement agency, Europol, recently posted a US$50,000 reward for anyone who can provide information regarding two senior members of the hacking group.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
