Wentworth, one of the UK’s most prestigious golf clubs, has been forced to get down on both knees to its well-heeled membership of celebrities, business chiefs and sports stars after fessing up to the fact that their personal details have been stolen in a hack attack.
In an email sent out last week, the Surrey club has offered its “profuse apologies” for any worry or inconvenience following the theft – claimed to covers its entire list of 4,000 members – by “an unauthorised third party”.
The membership is understood to include Sir Michael Parkinson, Kevin Pietersen, Anton du Beke, John Terry and even Ant and Dec, as well as Sky Sports golf presenters Nick Dougherty and Di Dougherty.
The incident emerged late last week when hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoins to recover files.
The hackers then downloaded the file, including the names of members, dates of birth, home addresses, email addresses and landline numbers. It also contained the last four digits of bank accounts provided for direct debit payments.
The email, from Wentworth’s general manager Neil Coulson, said that the club’s IT provider had “confirmed to us that our ClubHouse Online was accessed by an unauthorised third party on January 4 and an export file was downloaded.
It went on: “The export file in question contains your personal details including your name, gender, home address, email address, landline number, and date of birth.
“I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.”
He said the club had taken “immediate steps to reset access to all our IT systems” and requested members “to remain vigilant to any unusual or unexpected approaches by phone, email or through social media”.
He added: “It is prudent to be aware that limited information may be used to try to persuade you to give out more confidential information. Please accept our profuse apologies for any worry and inconvenience this will cause you.”
The club has reported the breach to the Information Commissioner’s Office, where a spokesperson said: “”We received a data breach report from Wentworth Golf Club and will be assessing the information provided. People have the right to expect that their personal information is handled securely by any organisation.
“Anyone concerned about their personal information should contact Wentworth Golf Club, if they are not satisfied with the Club’s response, they can bring their concerns to us.”
A Wentworth spokesperson added: “We were made aware by our long-standing IT provider that some limited personal information may have been downloaded from our members’ online portal by an unauthorised third party.
“The amount of information in the file was well below that required to access any private account and therefore is considered low risk. Immediate action was taken to notify the ICO, we have reached out to all members and have disabled the portal.”
Street Fighter fans facing knockout as data is hacked
Blackbaud breach sparks legal threat to UK universities
National Trust among 125 hit by Blackbaud hack in UK
Crisis donors hit as fears grow over Blackbaud breach
Pitney Bowes hit as Maze ransomware strikes again
Ransomware car crash hits digital transformation giant
Half of UK firms would pay ransom to avoid GDPR fine
Over 40% of firms suffered cyber breach in past year
Firms warned over new wave of nefarious cyber attacks