Cyber Incident Victim: City To Bay Fun Run

In August 2014, the City To Bay Fun Run committee in Adelaide suspended online entries and took portions of its website offline following suspicions of unauthorized access to participant data. South Australia Police initiated an investigation through its e-crimes unit to determine whether a hacker had breached the website’s security. Committee chairman Trevor Fitzsimmons publicly disclosed that an unauthorized individual potentially accessed names, email addresses, and—in some instances—phone numbers of approximately 12,000 participants, representing 30% of the event’s 30,000 registrants. The breach timeline and intrusion methods remained under investigation, with no confirmed evidence that data had been copied or exfiltrated. Organizers emphasized that financial information was not stored on the compromised system, limiting the exposure to non-financial personal details. Immediate containment measures included disabling online registration capabilities to prevent further access while security improvements were implemented.

The incident prompted organizers to advise all participants to change their passwords for the Fun Run website and any other accounts where they had reused the same credentials. No disruptions to the scheduled September 21 event were reported, with physical activities proceeding as planned along Anzac Highway from Adelaide to Glenelg. The committee collaborated continuously with law enforcement to identify the scope of access and responsible parties, though no attribution or motive was disclosed publicly. Fitzsimmons reiterated the organization’s focus on securing participant data and restoring registration functionality, acknowledging the sensitivity of the exposed information. Impacted individuals received direct notifications about the potential compromise of their contact details, though no secondary misuse of data was confirmed during the initial response phase.