IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

News Corp admits China-linked hackers breached company for two years

The News Corp breach follows recent news that threat actors had access to GoDaddy systems for three years

Media giant News Corp is the latest organisation to have fallen victim to a lengthy data breach after revealing that hackers had access to company systems for nearly two years.  

News Corp said it first discovered unauthorised activity on internal storage systems in January 2022. A subsequent investigation by the publisher found that threat actors gained access to business documents and email correspondence belonging to a “limited number of employees” beginning February 2020.  

The company said that employee data is believed to have been compromised in the breach, and could include names, dates of birth, social security and driver's license details, passport numbers, or financial and health insurance information.  

Several brands within the News Corp publishing group have been impacted by the breach, including the Wall Street Journal, New York Post, and some UK news publications.  

“On 20 January 2022, News Corp discovered cyber attack activity on a business email and document storage system used by several News Corp businesses,” the company said in an employee notice.  

“News Corp understands that, between February 2020 and January 2022, an unauthorised party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.” 

Although News Corp has not disclosed details on the number of employees affected by the breach, the firm noted that the incident “does not appear to be focused on exploiting personal information”.  

The firm added that there is no indication that personal information has been used to conduct identity theft or fraud.  

“We nonetheless are providing you notice of this issue because the investigation has determined that some of your personal information was contained in the relevant materials,” the advisory said.

Upon discovering the breach, News Corp said it notified US law enforcement and employed the services of a “leading cyber security firm”, believed to be Mandiant.  

The firm said it “promptly took steps to contain the activity”, adding that the unauthorised party no longer has access to company systems.  

“Based on the investigation to date, we have no evidence of ongoing unauthorised access to our systems,” the company said.

Related Resource

Take control of diverse and rapidly evolving enterprise risks

Effectively manage and report on risk and compliance

Whitepaper cover with image of female working at a computer with blurred image of tables and chairs in backgroundFree Download

Experts have criticised the company for failing to spot the intrusion for so long. 

Julia O’Toole, CEO at MyCena Security Solutions, told IT Pro that given the timescale and despite News Corp's belief that the stolen data has not been used in fraud campaigns, staff are under "much greater risk of financial fraud and identity theft".

"Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realised, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks," she said.

Long-term breach 

News Corp’s disclosure follows a recent announcement by GoDaddy that the company had experienced a similar lengthy breach lasting nearly three years.  

Earlier this month, the domain hosting site revealed it had fallen victim to a ‘multi-year’ security incident which saw hackers steal source code and install malware that redirected sites to malicious pages.  

An investigation by the firm found that several security incidents in recent years were attributed to the breach and carried out by the same threat actor.  

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download

Most Popular

HMRC lost nearly 50% more devices in 2022

HMRC lost nearly 50% more devices in 2022

17 Mar 2023
The big PSTN switch off: What’s happening between now and 2025?

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
Outlook zero day patch causes headaches for Windows admins

Outlook zero day patch causes headaches for Windows admins

15 Mar 2023