The website of the International Marine Animal Trainers’ Association (IMATA) suffered a complex cyber attack on Thursday, 5 February 2015. The severity of the breach suggests that this incident was a targeted attack against IMATA and its mission to foster communication, professionalism and cooperation among those who serve marine mammal science through training, public display, research, husbandry, conservation, and education.

The site, which features information on the care and training of marine animals, was defaced and some of its original content was destroyed. Fortunately, IMATA’s website team maintains "back-ups" of all pages and is in the process of re-building and re-launching the content. In the meantime, IMATA is working with security experts and U.S. federal law enforcement to investigate the unauthorized and illegal access into the website.

At this time, IMATA has found no evidence that members’ financial information (such as credit cards or bank information) was compromised during the attack. In fact, IMATA does not store any credit card data on any part of the website, so it would be impossible for these pieces of information to have been accessed during the attack.

Unfortunately, some data was illegally accessed, including a list of names and email addresses for some IMATA members. Additionally, cryptographically scrambled versions of some members' passwords (not actual passwords) were taken. IMATA’s site uses Secure Remote Password protocol (SRP) to protect members' passwords, which is designed to make it extremely difficult for hackers to extract actual passwords; it also means that each encrypted password would have to be deciphered individually. As a precaution, however, IMATA will be automatically resetting each member's password once the site is re-launched. Additionally, if members have used the same or similar passwords for other purposes, they should consider changing those passwords as well. 

IMATA takes the security of its membership's personal information very seriously, and deeply regrets that the organization was the victim of a cyber attack. IMATA is committed to assisting its members who have questions related to this security breach. Inquires can be directed to the organization via email at info@imata.org. All correspondence will receive a response within 24-hours.