- The 70+ best Black Friday TV deals 2024: Save up to $2,000
- This AI image generator that went viral for its realistic images gets a major upgrade
- One of the best cheap Android phones I've tested is not a Motorola or Samsung
- The best VPN services for iPhone: Expert tested and reviewed
- Docker Desktop 4.36 | Docker
News Corp Reveals Two-Year-Long Breach
Media giant News Corp has revealed a breach that may have affected its systems in the US for over two years.
Writing in a letter to employees last week, the company said it found out in January 2022 that threat actors may have stolen their personal and health information.
“Between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.”
This included names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and health insurance information.
“It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft,” commented Julia O’Toole, CEO of MyCena Security Solutions.
“Given that the attackers had two years of access before they were identified […] they most likely got away with more information than was first realized. With no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks.”
At the same time, the media company wrote that its investigation indicates the malicious activity did not appear to be focused on exploiting personal information.
News Corp further added it has been working with law enforcement during the investigation. It is also offering affected individuals free credit monitoring services.
Prevention is still the best tactic, according to O’Toole, who added that businesses must prioritize their defenses against phishing.
“The only way to achieve this is through encryption, where employee credentials are encrypted, meaning they never see them, know them, or have the ability to hand them over to criminals unwittingly,” she told Infosecurity in an email.
The disclosure comes a year after News Corp unveiled a separate breach, possibly connected to Chinese threat actors.