As seen on KNWU:
November 27, 2020
We regret to report that a data hack has taken place in our old MijnKNWU environment. It is no longer in use for the public since the beginning of this year, but was still accessible for internal and historical use. The breach affected the personal information of our members or people included in our legacy database for any reason.
What does this mean for you?
The data from the old MijnKNWU environment has been stolen. This means that all data that has been in this database is in the hands of third parties. This includes personal and contact details.
From the remainder of their notice, this appears to be a ransom situation, and KNWU is refusing to pay any ransom. Importantly, they note that when the old database was migrated over, no one had to change their login credentials, so users should change their passwords immediately as those passwords, if they were on the legacy system, are now in the criminals’ hands and possibly in the wild or being misused.
Read more of KNWU’s notification and advice here.
According to nu.nl, the breach impacts 90,000 people who were involved with KNWU’s bicycling events. They also note that the breach involved “names, e-mail addresses, payment details and other personal information, such as residential addresses or dates of birth. Club membership information was also stored there.”