Cyber Incident Victim: American Radio Relay League
Date:
May 2024
Location:
United States of America
Summary
The American Radio Relay League experienced a cyberattack disrupting its network and critical online services, including Logbook of The World—a contact confirmation system for amateur radio operators—and its Learning Center platform. The incident also impacted email communications and headquarters systems. While the organization confirmed no credit card or social security number data was compromised, member databases containing names, addresses, and call signs were potentially exposed. Restoration efforts are underway with assistance from external cybersecurity experts to resolve the operational outages and secure affected infrastructure. The nature of the attack remains unspecified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The American Radio Relay League (ARRL) announced on May 1, 2024, that it was responding to a serious cybersecurity incident involving unauthorized access to its network and headquarters-based systems. The disruption affected multiple critical services, including Logbook of The World (LoTW), the ARRL Learning Center, and organizational email systems. LoTW, a central platform for amateur radio operators to electronically log and confirm contact records (QSOs) and confirmations (QSLs) used for operator awards, became inaccessible during the outage. ARRL initially described the event as a "service disruption" but later updates confirmed it was a cyberattack. The organization prioritized restoring access to impacted systems and engaged external industry experts to assist with remediation efforts. By May 16, ARRL provided additional details about the incident's scope while maintaining that credit card information and social security numbers were not stored on compromised systems.
Member databases containing names, physical addresses, call signs, email preferences, and membership dates were confirmed as part of ARRL's digital infrastructure, though the organization clarified that email addresses were required for membership without explicitly confirming their storage format. Operational consequences included the prolonged unavailability of award-tracking systems and educational resources, directly impacting amateur radio enthusiasts' ability to validate communications or participate in training programs. ARRL issued public statements on May 16 and May 17 to address member concerns about potential data exposure while continuing restoration work. No ransomware claims or specific attacker methodologies were disclosed in available communications. The cyberattack's full technical cause and whether data exfiltration occurred remained unconfirmed as of the latest updates, with ARRL maintaining focus on system recovery and service reinstatement as its primary response objectives.