Cyber Incident Victim: Koninklijke Nederlandsche Wielren Unie
Date: Nov 2020
Location: Netherlands
Summary
The Koninklijke Nederlandsche Wielren Unie experienced a data breach involving a legacy member database that was no longer publicly accessible but retained for internal historical purposes. Attackers exfiltrated personal information including names, email addresses, residential details, birth dates, payment data, and cycling club membership records of approximately 90,000 individuals associated with the organization's events. The incident involved a ransom demand, which the union declined to pay, while warning affected individuals that login credentials from the compromised system remained active in their current environment and required immediate changes due to potential misuse by the perpetrators.
Description
On November 27, 2020, the Koninklijke Nederlandsche Wielren Unie (KNWU), the Royal Dutch Cycling Union, publicly disclosed a data breach impacting its legacy "MijnKNWU" database. The compromised system had been decommissioned for public use earlier in 2020 but remained accessible internally for historical reference. Unauthorized actors infiltrated this environment, exfiltrating personal data belonging to members and individuals previously associated with the organization. The stolen information included names, email addresses, residential addresses, dates of birth, payment details, and club membership records. Approximately 90,000 individuals involved in KNWU cycling events were affected by the exposure of these sensitive attributes.

KNWU confirmed the incident constituted a ransomware attack, with threat actors demanding payment in exchange for the stolen data. The organization refused to comply with the ransom demand. A critical vulnerability stemmed from the migration process between the legacy system and its replacement, as user credentials were not reset during the transition. This oversight meant active login credentials from the old database remained valid and were subsequently compromised, heightening risks of credential-stuffing attacks or unauthorized account access. KNWU urged all individuals with historical ties to the platform to immediately change their passwords across any services where they reused those credentials. The breach notification emphasized the exposure of financial information but did not specify whether banking data was encrypted or the exact nature of payment details involved.
