Communication on the cyber attack

2. February 2024

Data protection has always been a top priority at Datasport. This has helped us in recent years to protect ourselves from the increasingly frequent criminal attacks on our IT. Nevertheless, we have now fallen victim to a cyber incident affecting parts of the myDS Datasport athlete database.

We very much regret this. As a major provider of timekeeping and result transmission, we - like many institutions and companies worldwide - are repeatedly the target of cyberattacks.

The criminal access occurred on 22 January 2024, when Datasport increased geo-redundancy during the regular review of technical and organisational measures for data security and information security and transferred data to another data centre for backup purposes. In the course of this implementation, the attack on a security-relevant vulnerability occurred. Our IT reacted immediately and was able to stop the attack within a few minutes.

Until the 31st of January 2024, we had no indication that more than a few data records were affected, as we communicated on our website.

It has now been revealed that up to one million names, postal addresses and, in some cases, telephone numbers and email addresses of athletes could be affected. The analysis revealed that the majority of the data affected is that of active users from mid-2021 to the start of 2024. Security-relevant data such as passwords or payment method information are not affected.

We have reported the criminal access to the authorities. A company specialising in cyber security is investigating the incident and comprehensively reviewing Dataport's security measures.

Potentially affected parties do not need to take any action. However, it is recommended to be even more vigilant than is unfortunately already necessary and, for example, not to open any suspicious e-mails or text messages. Here are the recommendations for dealing with phishing attempts.

We are available to answer questions and concerns and receive reports of suspicious activity at the e-mail address [email protected].

We apologise for the inconvenience and assure you that we will do everything we can to ensure the security of your data and our systems.

Update 2 February 2024, 5:15 pm. The personal data affected by the cyber-attack are the following: myDS ID, first name and last name, gender, date of birth, nationality, language, postal code, address, telephone number and the e-mail address. Other specific data included in myDS may also have been effected, such as contest names and amounts.