The PGA of America reportedly was hacked Tuesday as they tried to access their files for the ongoing PGA championship. Technicians realized they were hacked when they were trying to access the files and were revealed to be locked behind a Bitcoin wall with a message that revealed any attempt to break would result in the files being lost.
The hackers accessed the files that contained advertising and digital signage that was going to be a part of the 100th PGA Championship, in Town and Country Missouri. According to Golfweek, the PGA did not have full access to their files as of Wednesday night, less than 24 hours before the first golfers teed off.1 There is currently no further information as the investigation is ongoing.
This should serve as a reminder to be careful in opening emails from unknown sources. Any business no matter how big or how many controls are vulnerable to a cyber-attack. Many companies fall for a ruse that is created by social engineering, even companies as big as the PGA. More information about Cryptolocker.
Companies should develop comprehensive breach response plans, complete employee social engineering training, perform periodic system penetration testing and then properly insure the risk. For more information on insuring these types of exposures or if you would like any employee training, please feel free to contact us or visit our website at www.plrisk.com.