Cyber attackers target Wentworth members
Surrey golf club admits hackers accessed its entire database, stealing phone numbers and addresses
£150,000
Amount new members must pay up front if they want to join Wentworth, which has been revamped under its new owner
‘I am absolutely livid. This is a fantastic list for a potential gang of burglars’
THE personal details of tycoons, sports stars and celebrities have been stolen in a cyber attack on England’s most exclusive golf club. Wentworth’s membership database was stolen by “an unauthorised third party”, the golf club has admitted in an email sent last week. The club offered “our profuse apologies” for any worry or inconvenience.
It is thought personal details of the entire list of 2,000 members have been stolen. High-profile members include Sir Michael Parkinson, the former chat show host, Strictly Come Dancing’s Anton Du Beke, and the ex-England football and cricket captains John Terry and Kevin Pietersen as well as financiers and captains of industry. A Russian tycoon, whose life has been under threat, is also thought to be on the list, as well as TV golf presenters Nick Dougherty and his wife, Di. The theft occurred after cyber hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoins, a cyber currency, to “recover files”.
Membership details were downloaded by the hackers and stolen. The details include member names, dates of birth, home and email addresses plus landline numbers. The last four digits of bank accounts for direct debit payments were also stolen.
The data hack will do little to ease tensions between members and Wentworth’s new owners. Wentworth was purchased six years ago for £135million by Reignwood Group, a company owned by Dr Chanchai Ruayrungruang, a Chinese/ Thai billionaire, who installed his daughter as interim chief executive of the club, situated in Virginia Water, Surrey, two years ago.
It has become a “limited” debenture model, requiring new members to pay £150,000 up front to transform it into the “world’s premier private golf and country club”.
Wentworth’s members first became aware of a problem when a hacked message appeared on Jan 4 on the “Wentworth at Home” internet page for members, entitled “your personal files are encrypted!” and demanding payment in bitcoins for the purchase of a “private key” to have them unlocked. Members then received an email from the Wentworth IT team, which said the internet site had “contained some unexpected graphics”.
On Jan 11, Neil Coulson, Wentworth’s general manager, told members “that our Club House Online was accessed by an unauthorised third party and an export file was downloaded”. He revealed that details had been stolen but said ‘‘we have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk”. Apologising, he added: “Limited information may be used to try to persuade you to give out more confidential information.”
The club has referred the data breach to the Information Commissioner’s Office (ICO). One member claimed that the club’s head of IT had been furloughed in the pandemic and later made redundant.
Wentworth has been accused of taking public money to furlough staff even though it is owned by a billionaire.
One member said: “Obviously, this is a major data breach due to the club’s failing to have adequate security measures.” Another member said: “I am absolutely livid. This is a fantastic list for a potential gang of burglars.”
A Wentworth spokesman said: “Some limited personal information may have been downloaded by an unauthorised third party. The amount of information in the file was well below that required to access any private account and therefore is considered low risk.”
The club said there had been no ransomware request – which is when hackers lock a computer system and demand payment for it to work again.
An ICO spokesman said: “We received a data breach report from Wentworth Golf Club and will be assessing the information provided.”