British newspaper The Guardian has confirmed that cybercriminals accessed the personal details of U.K. staff members during a ransomware attack last month.
The Guardian confirmed the data breach in an update emailed to staff on Wednesday, which the newspaper reported shortly after. The email, signed by the news outlet’s chief executive Anna Bateson and editor-in-chief Katharine Viner, told employees that the cyberattack involved “unauthorised third-party access to parts of our network,” and was likely triggered by a phishing attempt, but they did not elaborate further.
Phishing is a common tactic employed by attackers and has been blamed for recent data breaches at Twilio, DoorDash and Bed Bath & Beyond.
The Guardian warned U.K. staff that attackers had accessed their sensitive personal information. The newspaper has approximately 1,500 employees around the globe — with 90% in the United Kingdom.
A spokesperson for The Guardian told TechCrunch that it confirmed “all U.K. staff are affected” by the breach, and data accessed “may include human resources data collected as part of everyone’s employment at The Guardian.” The spokesperson confirmed that employee names, addresses, national insurance numbers, government identity documents and salary details were compromised, as first reported by The Record.
The company added that it had no reason to believe the personal data of readers and subscribers had been accessed, nor does it believe that hackers accessed the personal data of staff in the U.S. or Australia.
But there remain several unknowns about the cyberattack, such as who was responsible and whether The Guardian paid a ransom demand.
The Guardian first confirmed that it had been hit by a ransomware attack on December 21. At the time, staff were told to work from home until at least January 23 as the organization battled with “behind the scenes” disruption. The newspaper said that while it expects some critical systems to be back up and running “within the next two weeks,” a return to office working by U.K. staff has been postponed until early February.
https://techcrunch.com/
Showing that there’s real investor enthusiasm for identity management platforms, Saviynt, which enables companies to secure apps, data and infrastructure in a single platform, today announced that it raised $205 million in debt from AB Private Credit Investors’ Tech Capital Solutions group. Founder Sachin Nayyar, who returned to Saviynt as CEO this week alongside newly appointed […]
Google confirmed it’s putting an end to a feature that allowed users to access playable podcasts directly from the Google Search results in favor of offering podcast recommendations. Officially launched in 2019, the feature surfaced podcasts when they matched a user’s query, including in those cases where a user specifically included the word “podcast” in their search […]
The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday. The apparent hack comes days after Wired reported that an app developed by the company, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed personal information of […]
Leave a Reply