The Guardian has warned its staff that sensitive personal information, including their salaries, bank details and passport numbers, was exposed when the media group was hit by a “sophisticated” ransomware attack last month.
The company said its internal systems were breached by a successful phishing attack that tricked an employee into giving credentials to a third party.
“It is now clear that we have experienced a sophisticated cyberattack involving unauthorized third party access to parts of our network, which appears to have been triggered by a phishing attack,” Katharine Viner, The Guardian, told staff in an email on Wednesday Editor-in-Chief, and Anna Bateson, Managing Director of Guardian Media Group.
The personal data the company said was “accessed” includes: “name, social security number, address, date of birth, bank account, salary, identification documents such as passports.”
They added that the company notified the Information Commissioner’s Office of the “criminal ransomware” privacy breach.
The Guardian did not reveal how it dealt with the attackers or whether a ransom demand had been made, but the email said it had “seen no evidence that any data had been leaked online to date”.
A spokesman told the FT that they do not believe any subscriber or reader information was accessed.
Ransomware attacks on businesses have become increasingly common in 2020 and 2021, in part because the shift to remote work has made IT systems more vulnerable to hackers.
“There has been a steady stream of attacks against media groups over the past 12 months, 62 in total,” said Matt Hull, global head of threat intelligence at NCC Group. “The biggest motivation in these attacks is almost always financial gain.”
Hull added that the Guardian risks potential fines if the Information Commissioner’s Office concludes the company has not taken sufficient steps to prevent or contain a personal data breach.
The Guardian said its US and Australian offices were unaffected by the attack, although it expects the majority of staff to be prevented from working at its London headquarters until at least early February as IT pros upgrade the office systems after bringing it back online and making sure there is no more hidden malware on its servers.
https://www.ft.com/content/31b71b9f-8efd-4a86-8dc8-03ac0096931a Guardian says cyber attack exposed identity and financial details of employees