Media Statement: data breach – training and education websites

On the evening of 3 May 2018, World Rugby detected unauthorised access to the subscriber database linked to World Rugby’s training and education portal.

Sat 12 May, 2018

· 1 min read

The affected database contains information relating to education and training history with World Rugby and the breach was isolated to subscriber first name, email address and encrypted (hashed) password, which have not been compromised. There was no attempted breach of the entirely separate www.worldrugby.org website or any other World Rugby digital platform.

World Rugby takes the protection of data extremely seriously, partners with industry experts and aligns with best-practice. It acted immediately to determine the nature and scope of the issue, investigate how the incident occurred and to take steps to prevent a repeat situation. This included immediately suspending the affected websites.

World Rugby also immediately contacted affected subscribers immediately via email, detailing the level of information that was accessed and recommending that subscribers should change their password, as should be undertaken regularly in line with security best-practice. World Rugby is confident that the breach cause was identified, isolated and remedied.

World Rugby has proactively been updating the relevant regulators throughout and would like to reassure its training and education community that all possible steps have been taken to protect subscriber data and mitigate any repeat.

Click here to read the Training and Education subscriber Communication

Last updated: May 12, 2018, 9:23:24 PM