News Corp previously blamed the cyber attack on hackers linked to China, saying it was intended to gather intelligence to benefit China’s interests.
In February 2022, News Corp, the giant media and publishing company, disclosed a data breach revealing that its journalists had been targeted in a software supply chain attack.
Now, the company has shared additional information stating that the breach actually occurred in February 2020, meaning hackers sat on its network for two years without being noticed. The cybersecurity firm that assisted News Corp at that time was Google-owned Mandiant.
In a breach notification, the company said that the threat actors behind the breach accessed its email and document storage system, used by multiple News Corp businesses. Personal and health information of affected employees was accessed, but the company stated that it does not appear that the activity was focused on exploiting personal information.
Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.
The breach impacted a number of News Corp news outlets, including The Wall Street Journal, the New York Post and its U.K. news operations. Among the personal information accessed were names, dates of birth, social security numbers, driver’s license numbers, passport numbers, financial account information and medical and health insurance information.
News Corp has previously stated that the attackers were linked to China and were likely involved in espionage activities to collect intelligence to benefit China’s interests.
In October 2022, the New York Post revealed that it had been hacked after its website and Twitter account were used to publish offensive content targeting multiple U.S. politicians. The newspaper later revealed that the incident was caused by one of its own employees who was fired after their involvement was discovered.
News Corp’s properties include a number of high-profile news outlets such as Dow Jones, FOX News, The Sun, and MarketWatch, among others. It is worth noting that in March 2019, Dow Jones made headlines for leaking a “screening list” comprising sensitive information about terrorists, criminals, and shady businesses.
In April 2022, FOX News exposed thirteen million records online. The fifty-eight gigabytes’ worth of information included internal records, PII (personally identifiable information) of the company’s employees, and much more. These records remained open to public access before the company was alerted about the incident.
In a comment to Hackread.com, Julia O’Toole, CEO of MyCena Security Solutions, said that “It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft.”
Julia stressed that “Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realised, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks.”
“The suspected groups behind cyber espionage campaigns will generally always use phishing to gain an initial foothold on an organisation. Knowing it provides the greatest chance of success, they will target employees with realistic phishing emails in a bid to steal their user credentials so they can access the corporate network, carry out reconnaissance, and steal data,” warned Julia.