The affected database contains information relating to education and training history with World Rugby and the breach was isolated to subscriber first name, email address and encrypted (hashed) password, which have not been compromised. There was no attempted breach of the entirely separate www.worldrugby.org website or any other World Rugby digital platform.
World Rugby takes the protection of data extremely seriously, partners with industry experts and aligns with best-practice. It acted immediately to determine the nature and scope of the issue, investigate how the incident occurred and to take steps to prevent a repeat situation. This included immediately suspending the affected websites.
World Rugby also immediately contacted affected subscribers immediately via email, detailing the level of information that was accessed and recommending that subscribers should change their password, as should be undertaken regularly in line with security best-practice. The World Rugby is confident that the breach cause was identified, isolated and remedied.
Also, the World Rugby has proactively been updating the relevant regulators throughout and would like to reassure its training and education community that all possible steps have been taken to protect subscriber data and mitigate any repeat.
Click here to read the Training and Education subscriber Communication