Media giant News Corp is the latest organisation to have fallen victim to a lengthy data breach after revealing that hackers had access to company systems for nearly two years.
News Corp said it first discovered unauthorised activity on internal storage systems in January 2022. A subsequent investigation by the publisher found that threat actors gained access to business documents and email correspondence belonging to a “limited number of employees” beginning February 2020.
The company said that employee data is believed to have been compromised in the breach, and could include names, dates of birth, social security and driver's license details, passport numbers, or financial and health insurance information.
Several brands within the News Corp publishing group have been impacted by the breach, including the Wall Street Journal, New York Post, and some UK news publications.
“On 20 January 2022, News Corp discovered cyber attack activity on a business email and document storage system used by several News Corp businesses,” the company said in an employee notice.
“News Corp understands that, between February 2020 and January 2022, an unauthorised party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.”
Although News Corp has not disclosed details on the number of employees affected by the breach, the firm noted that the incident “does not appear to be focused on exploiting personal information”.
The firm added that there is no indication that personal information has been used to conduct identity theft or fraud.
“We nonetheless are providing you notice of this issue because the investigation has determined that some of your personal information was contained in the relevant materials,” the advisory said.
Upon discovering the breach, News Corp said it notified US law enforcement and employed the services of a “leading cyber security firm”, believed to be Mandiant.
The firm said it “promptly took steps to contain the activity”, adding that the unauthorised party no longer has access to company systems.
“Based on the investigation to date, we have no evidence of ongoing unauthorised access to our systems,” the company said.
Take control of diverse and rapidly evolving enterprise risks
Effectively manage and report on risk and compliance
Experts have criticised the company for failing to spot the intrusion for so long.
Julia O’Toole, CEO at MyCena Security Solutions, told IT Pro that given the timescale and despite News Corp's belief that the stolen data has not been used in fraud campaigns, staff are under "much greater risk of financial fraud and identity theft".
"Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realised, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks," she said.
Long-term breach
News Corp’s disclosure follows a recent announcement by GoDaddy that the company had experienced a similar lengthy breach lasting nearly three years.
Earlier this month, the domain hosting site revealed it had fallen victim to a ‘multi-year’ security incident which saw hackers steal source code and install malware that redirected sites to malicious pages.
An investigation by the firm found that several security incidents in recent years were attributed to the breach and carried out by the same threat actor.
