Cyber Incident Victim: Chicago Yacht Club

The Chicago Yacht Club experienced a computer security breach affecting member data, first detected after its systems crashed on June 15, 2014. An investigation by a hired computer firm revealed malware had likely been installed on one of the club’s servers between April 26 and May 22 of that year. The compromised server hosted the club’s membership database software but was separate from the third-party payment system used for member account transactions, which remained unaffected. Commodore Gerald Bober notified members via letter dated July 31, 2014, disclosing that unauthorized access may have exposed names, addresses, and in limited cases, bank account or credit-card numbers. The club initiated corrective measures including rebuilding the breached server, replacing point-of-sale servers, and reviewing security protocols to prevent future incidents.

Member reactions to the breach varied significantly. Attorney James Mescall expressed concern over delayed notification, having received the letter on August 1. Former member Lee Neubecker, a computer forensics expert, discovered suspicious bank transactions under investigation by his financial institution and criticized the club’s delayed communication, later publishing the notification letter online for broader awareness. High-profile members impacted included insurance executive Pat Ryan, Chicago Blackhawks owner Rocky Wirtz, and architect Dirk Lohan, though some like Lohan and attorney Ted Tetzlaff downplayed concerns, with Tetzlaff noting his use of checks for payments. The club did not publicly confirm the number of affected individuals or specific attacker methodologies beyond the malware installation timeframe. No spokesperson provided additional comment following Bober’s initial referral of inquiries to a phone number listed in the member letter.