Wentworth hacked and personal details of entire member list thought to be stolen

The personal details of wealthy tycoons, sports stars and celebrities have been stolen in a cyber attack on England’s most prestigious golf club.

Wentworth’s membership database was stolen by “an unauthorised third party”, the golf club has admitted in an email sent out last week and seen by The Telegraph. The club has offered “our profuse apologies” for any worry or inconvenience.

It is thought personal details of the entire list of 2,000 members have been stolen. High-profile members of the club include Sir Michael Parkinson, the former chat show host, Strictly Come Dancing’s Anton du Beke, and the ex-England football and cricket captains John Terry and Kevin Pietersen, as well as financiers and captains of industry.

A Russian tycoon, whose life has been under threat, is also thought to be on the list, as well as Sky Sports golf presenters Nick Dougherty and Di Dougherty.

The theft occurred after cyber hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoins, a cyber currency, to “recover files”.

Membership details were subsequently downloaded by the hackers and stolen. The details include the names of members, their dates of birth, home addresses, email addresses and landline telephone numbers. It also contained the last four digits of bank accounts provided for direct debit payments.

The data hack will do little to ease tensions between members and Wentworth’s new owners – a China-based conglomerate that bought the club six years ago for £135 million – over its management of the club. Wentworth was purchased by Reignwood Group, a company owned by Dr Chanchai Ruayrungruang, a Chinese/Thai billionaire, who installed his daughter as interim chief executive of the exclusive club on a private estate in Virginia Water, Surrey, two years ago.

It has switched to a “limited” debenture model, requiring new members to pay £150,000 up front in a bid to transform Wentworth into the “world’s premier private golf and country club”. Reignwood has also ploughed money into improving its three golf courses.

Wentworth’s members first became aware of a problem when a hacked message appeared on January 4 on the “Wentworth at Home” internet page for members, entitled “your personal files are encrypted!” and demanding payment in bitcoins for the purchase of a “private key” to have them unlocked.

Shortly after, members received an email from the Wentworth IT team that said the internet site had “contained some unexpected graphics”, which was being investigated.

A week later on January 11, Neil Coulson, Wentworth’s general manager, wrote to members telling them that its IT provider had “confirmed to us that our ClubHouse Online was accessed by an unauthorised third party on January 4 and an export file was downloaded”. Mr Coulson wrote: “The export file in question contains your personal details including your name, gender, home address, email address, landline number, and date of birth.

“I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.”

He said the club had taken “immediate steps to reset access to all our IT systems” and requested members “to remain vigilant to any unusual or unexpected approaches by phone, email or through social media”.

He added: “It is prudent to be aware that limited information may be used to try to persuade you to give out more confidential information. Please accept our profuse apologies for any worry and inconvenience this will cause you.”

The club – as required by law – has referred the data breach to the Information Commissioner's Office (ICO).

One member claimed that the club’s head of IT had been put on furlough during the Covid-19 pandemic and later made redundant.

The club declined to comment. Wentworth has been accused of taking hundreds of thousands of pounds in taxpayers’ money to furlough staff even though the club is owned by a billionaire. The club has declined to say if IT staff were furloughed along with other employees.

One member said: “Obviously, this is a major data breach due to the Club’s failing to have adequate security measures in place to prevent this type of cyber attack. This loss of personal data will cause anxiety and distress for members due to concerns about how their personal info can now be used and abused by criminals. We now have the worry and inconvenience of trying to mitigate the risks of potential fraud, identity theft and financial loss. Many members are furious at being put in jeopardy.”

Another member said: “I am absolutely livid. This is a fantastic list for a potential gang of burglars.”

A Wentworth spokesperson said: “We were made aware by our long-standing IT provider that some limited personal information may have been downloaded from our members' online portal by an unauthorised third party.

“The amount of information in the file was well below that required to access any private account and therefore is considered low risk. Immediate action was taken to notify the ICO, we have reached out to all members and have disabled the portal.”

The club said no ransomware request had been made.

An ICO spokesperson said: “People have the right to expect that their personal information is handled securely by any organisation.

“Anyone concerned about their personal information should contact Wentworth Golf Club, if they are not satisfied with the Club’s response, they can bring their concerns to us.”

"We received a data breach report from Wentworth Golf Club and will be assessing the information provided.”