Warning! Possible Hacking Attempt -RYA

Spirit (of Glenans)

Well-known member
Joined
28 Mar 2017
Messages
3,347
Location
Me; Nth County Dublin, Boat;Malahide
I have just received an email purporting to be from the RYA, informing me of the hacking of one of their databases containing my account information; email address and passwords, etc. The email contains what looks like a link to an explanation of how the data was encrypted, which one might be tempted to click on.
The thing is, I don't have an RYA account that I know of, so, perhaps I'm paranoid, but I reckon this email should be treated with caution.
 

pvb

Well-known member
Joined
16 May 2001
Messages
45,605
Location
UK East Coast
I got it too, and I'm not an RYA member. I think they may have used databases from other places (eg here?) to send the email.
 

neilf39

Active member
Joined
6 Apr 2005
Messages
967
Location
Milton Keynes, Bucks, UK
www.konsortkoto.wordpress.com
I think it is real as went to the website and got a warning about a hack. Once logged in it automatically changed my password and emailed me the new one. Logged in with that and then had to change it to something new. I went to the website direct to do this so unless there was some DNS poisoning then it was the valid site.
 

Davy_S

Well-known member
Joined
31 Jan 2003
Messages
10,711
Location
in limbo at the mo.
Same here, I am a member, it is a genuine RYA email, they have had a hack, like most organisations, nothing is safe anymore, only trust the person who looks at you from a mirror!
 

laika

Well-known member
Joined
6 Apr 2011
Messages
8,142
Location
London / Gosport
I most definitely have an RYA account and have received nothing. I didn't however submit my details to safetrx which I suspect many non-rya members might have done
 

Davy_S

Well-known member
Joined
31 Jan 2003
Messages
10,711
Location
in limbo at the mo.
To the RYA Community,
We are writing to notify you about an issue that may involve your RYA account information. We value your privacy and we take our obligation to safeguard your personal data very seriously.

What Happened?

On 17 January 2020 we became aware that an unauthorised party accessed and may have acquired a database created in 2015 associated with a number of RYA user accounts containing personal data. The affected information included email addresses and RYA website passwords which were encrypted and therefore not visible. The affected data did not include any financial or payment information and in this stage in our investigation there is no evidence that this data has been misused. The database was legacy test data hosted on a third party server and it appears that the unauthorised party who gained access subsequently deleted that database.

What are the consequences for you?

In the unlikely event that the data was copied, and the more unlikely case that the password encryption was broken, the key risk would be the potential to access other systems where individuals had used the same email address and password (and not changed them in the last 5 years) or the ability to build a more complex individual picture to support a targeted digital attack or fraud.

What you should do

We value your privacy and we take our obligation to safeguard your personal data very seriously.
  • Please reset your RYA account password immediately.
  • We recommend that you change your password for any other account on which you use the same or similar information used for your RYA account and review those accounts for any suspicious activity.
  • Please contact Dave Strain, RYA Data Protection Officer: dpo@rya.org.uk if you have any immediate concerns

You should always:
  • Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
  • Avoid clicking on links or downloading attachments from suspicious emails.

What We Are Doing

We have conducted a thorough audit of all other RYA Data sources and are confident that their integrity has not been compromised. We are working with data security consultants to assist in our investigation and we have notified and are coordinating with the Information Commissioner’s Office.

We will provide more information to those users potentially impacted by this possible breach as soon as possible.

For more information

For more information on how we are safeguarding your personal data, please go to the FAQ web page on the technical support hub at https://www.rya.org.uk/support/Pages/data-security-faqs.aspx.

Yours sincerely,

Dave Strain FCCA
Data Protection Officer
Royal Yachting Association

E: dpo@rya.org.uk
Royal Yachting Association
RYA House, Ensign Way, Hamble, Hants, SO31 4YA
Company number 00878357
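
Added example, not part of the thread or of the RYA's email: a way to check where the links in a notice like the one above really lead before trusting it, by comparing the host a browser would contact against the organisation's own domain. The trusted domain is taken from the link in the quoted email; every other URL in the sample is constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "rya.org.uk"  # assumption: domain of the FAQ link quoted in the email

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def host_of(url):
    """Hostname the browser would actually contact (userinfo before '@' is ignored)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(url, domain=TRUSTED_DOMAIN):
    """True only for https links whose host is the domain itself or a subdomain of it."""
    if urlsplit(url).scheme.lower() != "https":
        return False
    host = host_of(url)
    # Compare on a label boundary so 'rya.org.uk.something.example' does not pass.
    return host == domain or host.endswith("." + domain)

def triage(body, domain=TRUSTED_DOMAIN):
    """Return (url, real_host, trusted) for every link found in a plain-text body."""
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)'")  # drop sentence punctuation stuck to the link
        results.append((url, host_of(url), is_trusted(url, domain)))
    return results

# Constructed sample body: the first link is the one quoted in the email,
# the other three are made-up lookalikes of the kinds a phishing mail uses.
SAMPLE_BODY = """
For more information go to https://www.rya.org.uk/support/Pages/data-security-faqs.aspx.
Reset here: https://rya.org.uk.account-reset.example/login
Or here: https://www.rya.org.uk@203.0.113.7/reset
Plain http: http://www.rya.org.uk/support
"""

if __name__ == "__main__":
    for url, host, ok in triage(SAMPLE_BODY):
        print(("OK      " if ok else "SUSPECT ") + host + "  <-  " + url)
```

A passing check only says the link points at the expected domain; typing the address yourself, as several posters did, remains the safer route.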
 

neilf39

Active member
Joined
6 Apr 2005
Messages
967
Location
Milton Keynes, Bucks, UK
www.konsortkoto.wordpress.com
Not with the email address they used.
Ever entered one of their competitions or bought anything from them? Have you had any other emails from them in the past? Maybe got on to one of their mailing lists which is part of the same database. Could be they were an associate of a site you do have a login with and your details were shared if you ever clicked on, or didn't unclick one of those boxes saying your details could be shared with other parties. It is so easy for other companies to get your email and other details.
 

laika

Well-known member
Joined
6 Apr 2011
Messages
8,142
Location
London / Gosport
I guess they will be reporting themselves to the Office of the Data Commissioner for the breach.

I have in the past spoken with RYA data protection department. I had some concerns about data security in the move to safetrx. They gave me every confidence that they knew what they were doing and from a procedural point of view I would trust that they would fulfill any legal obligations as data controllers. Assuming the mail is genuine, notifying everyone of a data breach in less than a week shows responsibility.

This is procedural security though and ultimately they're relying on 3rd parties for practical security. Sounds like it was the practical side with a 3rd party that broke.

Has anyone who got the mail mailed them to ask about it? I confirm that that is indeed their data protection office address.
 

Boathook

Well-known member
Joined
5 Oct 2001
Messages
7,557
Location
Surrey & boat in Dorset.
I've just noticed that I had an email from the RYA yesterday afternoon. I went to the website and logged in and there was a warning message so it is genuine. Followed instructions and 'reset' password.
 

VicS

Well-known member
Joined
13 Jul 2002
Messages
48,143
Boathook said: "I've just noticed that I had an email from the RYA yesterday afternoon. I went to the website and logged in and there was a warning message so it is genuine. Followed instructions and 'reset' password."
As I understand it from the information on the RYA website the real trouble could be with other sites where you have used the same email address as ID and the same password if your details have been hacked

Incredibly I have not used the same password on any other site but will change the RYA password as a precaution
 

VicS

Well-known member
Joined
13 Jul 2002
Messages
48,143
Where was the message on the RYA site as I could not find any?
Yesterday I think I followed one of the links given earlier in this thread but today a message appeared as soon as I tried to log in

however you can go to "Support" on the dark blue header bar, then to "Data security FAQs"
 