Personal details of wealthy magnates, athletes and celebrities have been stolen. Entire 4,000-person database was exported by hackers.

SURREY, UNITED KINGDOM – Wentworth Golf Club, which has played host to the British Masters, Ryder Cup, and World Match Play Championship, has been hacked. Ransomware criminals accessed Wentworth Golf Club’s network earlier this month and have deployed a “double extortion” ransomware attack. In double extortion attacks, sensitive files are stolen by the hackers before encrypting files on the network. This gives cyber criminals more leverage in ransom negotiations, as they threaten to leak those sensitive documents if their demand is not met.

The membership information was stolen, but as of January 19th, it is not believed to have been leaked online or on the dark web. This likely indicates that negotiations with the hackers are either still underway, or were successful. A forensic investigation determined that the club’s ClubHouse Online system was accessed and the data file exported.

Stolen information is believed to include:

    • Names of members
    • Members’ dates of birth
    • Members’ home addresses
    • Members’ email addresses
    • Members’ phone numbers
    • The last four digits of members’ bank account numbers, used for direct debit payments

In his messaging to affected members, Wentworth’s general manager, Neil Coulson, said:

“I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.”

While hackers don’t have enough information to access the members’ bank accounts directly, attacks like this greatly increase the members’ exposure to future phishing campaigns. For example, armed with the last four digits of a bank account, cyber criminals are likely to launch smishing and email phishing attempts along the lines of “Immediate Attention Required – Bank Account XXXXXX-1234. Reply now to prevent account closure.”

Related: Research Shows 715% Increase in Ransomware in 2020

Golf course fairway.
Pictured: Wentworth Golf Club

How are double extortion ransomware attacks covered by Evolve’s cyber insurance?

Regarding the ransom payment itself, Evolve’s cyber policy agrees to reimburse the Insured for any ransom paid by the Insured, or on the Insured’s behalf, in response to an extortion demand first discovered by you during the period of the policy as a direct result of any threat to:

  • introduce malware, or the actual introduction of malware, including Ransomware, into your computer
    systems;
  • prevent access to your computer systems or data or any third party systems hosting your applications
    or data;
  • reveal your confidential information or confidential information entrusted to you; or
  • damage your brand or reputation by posting false or misleading comments about you on social media
    sites.

Often overlooked in comparison to the ransom payment, these attacks often require substantial Privacy Breach Management Costs. We cover both 1st and 3rd Party Privacy Breach Management Costs as follows:

First Party Coverage: 

  • IT Security and Forensic Costs ($500/hr)
  • Crisis Communication Costs ($500/hr)
  • 1st & 3rd Party Privacy Breach Management Costs ($1 – $3 per individual);
    • Credit Monitoring
    • ID Restoration & Theft Services
    • Call Center Damage Control

3rd Party Coverage:

  • Network Security Liability (Lawsuit Allegation)
  • Privacy Liability (Lawsuit Allegation)
  • Regulatory Fines & Penalties (Lawsuit Allegation)