The threat actors who broke into News Corp, the company behind the Wall Street Journal and other news outlets, were reported to have had access to the network for around two years.
In February 2022, News Corp acknowledged that it had detected a security breach a month earlier and that hackers had accessed employee data on a third-party cloud service.
But recently, Ars Technica reported that the business has sent a breach notification letter to at least one affected employee.
Unauthorized Party
News Corp acknowledged that between February 2020 and January 2022, "an unauthorized party" managed to gain access to business files and emails in some employees' accounts.
The security company Mandiant which looked into the attack claims that the threat actor may be associated with the Chinese government when News Corp reported the breach.
Furthermore, it claimed that the company was probably attacked in order to obtain information for the nation. A representative for News Corp. said in an email to Ars that the company continues to believe that this was an "intelligence collection," but did not address the topic of whether investigators still believe the hackers were from China.
Sensitive Data Breach
The business disclosed in the letter that the criminals may have obtained employee names, birth dates, Social Security numbers, driver's licenses, and passport numbers, as well as their financial and health insurance.
But News Corp noted that not all of this information affected the individuals whose data was breached.
News Corp stated that it has not yet heard of any incidences of identity theft or fraud as a result of the security breach, but it is providing two years of identity protection and credit monitoring to the affected employees.
"As soon as we became aware of the activity, we notified U.S. law enforcement and launched an investigation with the assistance of a leading cybersecurity firm. We also promptly took steps to contain the activity. Based on the investigation to date, we have no evidence of ongoing unauthorized access to our systems," News Corp wrote in the letter.
"We take our obligation to safeguard personal information very seriously and are alerting you about this issue so you can take steps to help protect yourself."
News Corp also told the addressee in the letter that they are entitled to US law to one free credit report annually from each of the three nationwide consumer reporting agencies.
Related Article : NCSC's New Cybersecurity Reports Shows Evolving Ransomware Attacks Not Being Taken Seriously-Businesses Now Warned