- From Alerts to Action: How AI Empowers SOC Analysts to Make Better Decisions
- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
News Corp Reveals Two-Year-Long Breach
Media giant News Corp has revealed a breach that may have affected its systems in the US for over two years.
Writing in a letter to employees last week, the company said it found out in January 2022 that threat actors may have stolen their personal and health information.
“Between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.”
This included names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and health insurance information.
“It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft,” commented Julia O’Toole, CEO of MyCena Security Solutions.
“Given that the attackers had two years of access before they were identified […] they most likely got away with more information than was first realized. With no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks.”
At the same time, the media company wrote that its investigation indicates the malicious activity did not appear to be focused on exploiting personal information.
News Corp further added it has been working with law enforcement during the investigation. It is also offering affected individuals free credit monitoring services.
Prevention is still the best tactic, according to O’Toole, who added that businesses must prioritize their defenses against phishing.
“The only way to achieve this is through encryption, where employee credentials are encrypted, meaning they never see them, know them, or have the ability to hand them over to criminals unwittingly,” she told Infosecurity in an email.
The disclosure comes a year after News Corp unveiled a separate breach, possibly connected to Chinese threat actors.
