The UAE Equestrian and Racing Federation (UAEERF), the official governing body for equestrian sports in the United Arab Emirates, has allegedly suffered a significant data breach. A threat actor has claimed responsibility on a dark web forum, stating they gained access to the federation’s systems by tricking an employee. This social engineering attack reportedly compromised a vast amount of sensitive personal and financial information belonging to the federation’s members, including riders, owners, and trainers.
The data, allegedly totaling over 93,000 records, was posted online and appears to contain highly sensitive details. The leaked information allegedly includes full names, Emirates ID numbers, bank account details (including IBANs), phone numbers, physical addresses, and email addresses. The breach also exposed detailed records related to horse registrations, hotel bookings for events, and user profiles, painting a comprehensive picture of the federation’s operations and its members’ private information.
The threat actor shared a list of compromised database files, highlighting the breadth of the exposed data. The leak contains specific information about riders, horse owners, trainers, and even event participants, dating back over a decade in some cases. The files include:
- bankdetails.csv
- horseregentries2013-2014.csv
- horseregentries2015-2016.csv
- hotel_bookings.csv
- ownerregentries.csv
- riderregentries2013-2014.csv
- riderregentries.csv
- trainerrenewal.csv
- userprofile.csv
- view_transferdetails.csv
- vw_hotelbookings_list.csv
- vw_ownerprofiles.csv
- vw_portalusers.csv
- vw_riderprofiles.csv
- vw_trainerprofiles.csv
- wc_participants.csv
- wv_teams.csv
