The Royal Yachting Association (RYA) have reset the passwords for all its web users upon discovering a potential data breach.
In a notice, the RYA explained that it had become aware of an unauthorised party that had accessed and “may have acquired” a database created in 2015.
The database contains the personal data of a number of RYA user accounts. Affected information included email addresses and RYA website passwords which were not visible due to being encrypted.
“The affected information included name, email and hashed passwords – the majority held with the salted hash function, which is used to secure passwords,” RYA explained.
No financial or payment information has been affected, and no evidence has been found of this data being misuse13d.
Despite passwords being hashed and salted, the RYA are requiring all RYA web users to change their passwords, to which account access will be disabled until a new password has been set.
The RYA are engaging with leading data security firms to assist in their investigation, and the Information Commissioner’s Office have been notified.
“In the unlikely event that the data was copied, and the more unlikely case that the password encryption was broken, the key risk would be the potential to access other systems where individuals had used the same email address and password (and not changed them in the last 5 years) or the ability to build a more complex individual picture to support a targeted digital attack or fraud,” explained the RYA.
RYA web users are urged to remain vigilant and cautious of any unsolicited communications that ask them for their personal data, and to avoid clicking on links or downloading attachments from suspicious emails.
The association clarified that any emails sent from the RYA regarding this issue does not contain attachments and does not request for any personal data.
The post #Privacy: Royal Yachting Association discloses potential data breach appeared first on PrivSec Report.