Australian horse riding organisations caught up in cyber attack impacting 10,000 people
Cyber criminals have followed through on their threats of leaking the sensitive details of 10,000 people, after the company refused to bow to their extortion attempts.
EXCLUSIVE
Cyber criminals have targeted yet another Australian small business by stealing and leaking the data of 10,000 people.
Last month, the data of a little-known company called Event Secretary was published on an online forum.
Unfortunately, Event Secretary was the platform that several major Australian horse riding organisations used to book and enter equestrian competitions, and the breach has exposed riders and other admin users to hackers.
In fact, Event Secretary was involved in the running of multiple events, including an international level event which is used for Olympic qualifications.
The criminals claim to have obtained the names, email addresses, residential addresses, phone numbers and bank details of 10,000 Australians. The bank details appear to be the BSB and account number of users.
They posted the data online after ransom demands were not met, nearly a year after stealing the data in September 2022.
“10,000 records from Australia users Equestrian website,” the hackers wrote.
A spokesperson for Event Secretary, the victim of the cyber security incident, told news.com.au the hack had occurred nearly a year ago.
“We followed all the procedures the government had in place. We certainly notified all the people concerned within 24 hours,” he told news.com.au.
He said the hack had occurred because of an API breach and this was resolved within 48 hours.
“The hackers’ initial attempt to extort money was done by sending people an email that they had won a monthly equestrian prize,” the company said.
“When there was no response, they attempted to blackmail Event Secretary that they would publish the data on the dark web.
“Event Secretary did not respond to this request. Since November last year there has been no correspondence with any illegal entity.”
They lodged reports with several government agencies including the ACSC, Australian Signals Directorate, Register Office of Information Commissioner, OAIC, and ID Care.
While it is true the total number of personal records accessed was about 10,000, there were also duplicate entries in the hacker’s data set.
Equestrian organisations caught up in cyber attack
Two major organisations in Australia’s equestrian industry were caught up in the security breach, news.com.au understands.
The Horse Riding Clubs Association of Victoria (HRCAV) and Equestrian Victoria used Event Secretary to host various events.
Equestrian Victoria said 500 of their riders had their data leaked in the cyber attack.
“Equestrian Victoria was made aware of a data breach from our Spring Horse Trials in September 2022,” a spokesperson told news.com.au.
“The data breach happened via a third party entry platform and was not Equestrian Australia or Equestrian Victoria data or related to our membership.
“We were made aware of 500 riders’ data being accessed … The affected riders were notified of the breach at the time.
“Equestrian Victoria takes the privacy of our members’ data seriously and we are confident that all the necessary steps have been taken to protect our members.”
They denied that any Olympic athletes were part of this impacted group.
The HRCAV did not respond to requests for comment.
Event Secretary is just the latest Australian firm to be revealed to have fallen victim to a sophisticated cyber attack.
In June, major accounting firm PwC fell prey to a notorious group of Russian hackers.
Earlier that month, law firm HWL Ebsworth had data stolen relating to hundreds of clients and spanning back at least five years. The firm said in a court hearing it had spent more than 5000 hours battling the hack.
There was also the hack of financial firm Latitude, which saw the passport numbers, driver’s licences and/or Medicare numbers stolen from 333,000 customers.
Last year, Medibank and telco company Optus also lost millions of customers’ data in two separate hacks.
alex.turner-cohen@news.com.au