News Corp Reveals Two-Year-Long Breach

Written by

Media giant News Corp has revealed a breach that may have affected its systems in the US for over two years.

Writing in a letter to employees last week, the company said it found out in January 2022 that threat actors may have stolen their personal and health information.

“Between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information."

This included names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and health insurance information.

“It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft,” commented Julia O’Toole, CEO of MyCena Security Solutions.

“Given that the attackers had two years of access before they were identified [...] they most likely got away with more information than was first realized. With no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks.”

At the same time, the media company wrote that its investigation indicates the malicious activity did not appear to be focused on exploiting personal information.

News Corp further added it has been working with law enforcement during the investigation. It is also offering affected individuals free credit monitoring services.

Prevention is still the best tactic, according to O’Toole, who added that businesses must prioritize their defenses against phishing.

“The only way to achieve this is through encryption, where employee credentials are encrypted, meaning they never see them, know them, or have the ability to hand them over to criminals unwittingly,” she told Infosecurity in an email.

The disclosure comes a year after News Corp unveiled a separate breach, possibly connected to Chinese threat actors.

What’s hot on Infosecurity Magazine?