News Corp has admitted it failed to detect hackers inside its computer systems for 23 months between 2020 to 2022. News Corp first disclosed the breach last year in its 01-K filing with the Securities and Exchange Commission for the December quarter and in a subsequent article in The Wall Street Journal (WSJ).
In February 2022, News Corp said a third-party cloud service it used was the target of a “persistent cyberattack activity” a month earlier. Security firm Mandiant, which helped News Corp in investigating the intrusion, told the WSJ it believed the attack was conducted by a threat actor aligned with the Chinese government.
News Corp then went quiet. Analysts failed to follow up the report with questions at post-earnings release briefings, and as the company doesn’t allow media to participate in briefings, there was no chance for further questioning. But in late February this year, news emerged in the US of a letter sent to at least one affected employee concerning the hacking.
News said that someone gained access to a business and document storage system used by several News Corp businesses and obtained employees’ personal and health information.
On 20 January 2022, News Corp discovered cyberattack activity on a business email and document storage system used by several News Corp businesses. As soon as we became aware of the activity, we notified US law enforcement and launched an investigation with the assistance of a leading cybersecurity firm. Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information. Our investigation indicates that this activity does not appear to be focused on exploiting personal information. We are not aware of reports of identity theft or fraud in connection with this issue. We nonetheless are providing you notice of this issue because the investigation has determined that some of your personal information was contained in the relevant materials.
The attack affected the media giant’s publications and business units, including The Wall Street Journal, the New York Post and its UK news operations. There was no mention of News Corp Australia.
According to the letter, the affected employees’ information may have included names, dates of birth, US Social Security numbers, passport numbers, driver’s licence numbers, financial account information, medical information and health insurance details. In other words: a rich haul.
So while its Australian newspapers were reporting on the hacks against Optus, Medibank and a host of other local companies and organisations, News Corp didn’t reveal its own experience.
It’s not the first time News has been caught up in the alleged activities of Chinese hackers. The Sydney Morning Herald reported six months ago that a sophisticated, year-long espionage campaign targeted Australian government agencies and news outlets, with some hackers posing as employees of News Corp outlets.
“Under the phishing scam, which began last year and continues to today, the hackers send out emails in which they claim to be employees from fictional outlets such as ‘Australian Morning News’ or real publications such as The Australian and the Herald Sun,” the SMH reported.
“Recipients are then directed to fake news aggregation sites that can implant a harmful code on their devices and allow the hackers to harvest technical information about the victims.”
