British newspaper The Guardian has confirmed that cybercriminals accessed the personal details of U.K. staff members during a ransomware attack last month.
The Guardian confirmed the data breach in an update emailed to staff on Wednesday, which the newspaper reported shortly after. The email, signed by the news outlet’s chief executive Anna Bateson and editor-in-chief Katharine Viner, told employees that the cyberattack involved “unauthorised third-party access to parts of our network,” and was likely triggered by a phishing attempt, but they did not elaborate further.
Phishing is a common tactic employed by attackers and has been blamed for recent data breaches at Twilio, DoorDash and Bed Bath & Beyond.
The Guardian warned U.K. staff that attackers had accessed their sensitive personal information. The newspaper has approximately 1,500 employees around the globe — with 90% in the United Kingdom.
A spokesperson for The Guardian told TechCrunch that it confirmed “all U.K. staff are affected” by the breach, and data accessed “may include human resources data collected as part of everyone’s employment at The Guardian.” The spokesperson confirmed that employee names, addresses, national insurance numbers, government identity documents and salary details were compromised, as first reported by The Record.
The company added that it had no reason to believe the personal data of readers and subscribers had been accessed, nor does it believe that hackers accessed the personal data of staff in the U.S. or Australia.
But there remain several unknowns about the cyberattack, such as who was responsible and whether The Guardian paid a ransom demand.
The Guardian first confirmed that it had been hit by a ransomware attack on December 21. At the time, staff were told to work from home until at least January 23 as the organization battled with “behind the scenes” disruption. The newspaper said that while it expects some critical systems to be back up and running “within the next two weeks,” a return to office working by U.K. staff has been postponed until early February.
https://techcrunch.com/
After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point. Written by Linda Smith, Rajat Wason, Syed Zaidi AUGUST 10, 2022 SECURITY OPERATIONS ACTIVE ADVERSARY PLAYBOOK BLACKCAT FEATURED HIVE LOCKBIT RANSOMWARE SOPHOS X-OPS In May 2022, an automotive supplier was hit with three separate ransomware attacks. […]
A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. “Code-generating systems are currently […]
With a major United States intelligence authority set to expire at the end of the year, and a congressional showdown brewing over whether or not to renew it, new details of an internal audit show that US Federal Bureau of Investigation (FBI) personnel have repeatedly conducted unlawful searches of data collected under the imperiled surveillance authority. Agents […]
Leave a Reply