In an email sent out to all members today (Friday, March 18, 2016) USA Cycling outlined a hack that had reportedly breached the organization’s website two days ago compromising the security of critical member information.
USA Cycling learned two days ago of a data security incident within USA Cycling’s IT systems that could include some personal information associated with online accounts, including names, mailing addresses, email addresses, dates of birth, emergency contacts, and USA Cycling passwords. It does NOT include any drivers’ license or state ID numbers, credit card numbers, bank account numbers, Social Security numbers, or medical or health insurance information, as we do not store such information.
In other words, every bit of info they had on us is likely out there. Had they stored info like credit cards numbers, it would be gone as well. In the email USA Cycling provided a link requiring that memberschange their passwords before getting access to the site again. Then, those links got so overloaded that the system no longer function. Finally, by 7:45 PM EDT they were able to get the password changing system back in working order. They also encouraged users who may have used the same passwords on other sites or services to change those passwords as well. Thanks, USAC!
For the official word from USA Cycling, please follow the jump.
SECURITY BREACH NOTIFICATION: USAC MEMBERSHIP DATA ACCESSED
Email Print
UPDATE: To be clear, the breach was only to our website and not to the corporate network. The email that was sent regarding the breach is part of our incident procedures and includes a unique link for each of our members.
Colorado Springs, Colo. (March 18, 2016) – USA Cycling learned two days ago of a data security incident within USA Cycling’s IT systems that could include some personal information associated with online accounts, including names, mailing addresses, email addresses, dates of birth, emergency contacts, and USA Cycling passwords. It does NOT include any drivers’ license or state ID numbers, credit card numbers, bank account numbers, Social Security numbers, or medical or health insurance information, as we do not store such information.
What we know of the incident is that a hacker gained access to at least some of our databases within the last two weeks. We have been in contact with the authorities, and have employed a leading cyber security expert to advise us in this matter. We believe we have now secured all our systems and face no further data security risks. We are notifying you as soon as we were able to assess the situation and secure our systems.
Though we know of no inappropriate use of any data, we are notifying you so that you can take precautionary measures to protect yourself from identify theft or other forms of fraud. In particular, we advise that if your USA Cycling password is used in other accounts, you change your password in those other accounts immediately.
In addition, we have secured all USA Cycling accounts and will require you to change your password before you will be able to next log into USA Cycling’s systems. We will be sending all members an email with a link to reset their password within the next few hours. It is essential that you reset your password using this link, as that will be the only way you will be able to access your account going forward. (Clicking on that link enables us to validate your identity.)
If you lose access to your account and cannot wait until you receive the reset email from us, please contact us at help@usacycling.org or (719) 434-4200. We will be available this evening and over the weekend to provide assistance.
We deeply regret this incident, and offer our sincere apologies. Thank you for your understanding, and please do change any passwords which matched your USA Cycling password and reset your USA Cycling password when you receive the password reset email from us.
