News Corp, the media giant that owns The Wall Street Journal, New York Post, and Dow Jones, has revealed new details about a data breach it suffered last year that it attributed to a state-sponsored group. The company confirmed that it had been hacked, but financial and customer information were not compromised in the incident.
The attack hit the company’s headquarters, news operations in the UK, and other News Corp-owned businesses. The incident was discovered in January 2022, and cybersecurity firm Mandiant was called in to assist with the investigation. News Corp said at the time that the attack had been tied to a foreign government, and Mandiant confirmed that it appeared to be the work of a Chinese group.
According to a data breach notification submitted to authorities in Massachusetts, the attackers had gained access to a business email and document storage system used by several News Corp businesses. The compromised information came from a “limited number” of personnel accounts on the affected system.
The attackers gained access to business documents and emails between February 2020 and January 2022. Some personal information may have been obtained by the attackers, including name, date of birth, Social Security number, passport number, driver’s license number, financial account information, health insurance details, and medical information.
However, the company has stated that the activity was not focused on exploiting personal information, and it is not aware of any reports of identity theft or fraud in connection with the issue.
Despite News Corp’s claim that the attack was not focused on exploiting personal information, the company has decided to offer 24 months of free identity protection and credit monitoring services to impacted individuals. The company’s investigation indicates that the activity was not aimed at exploiting personal information.
The notification, however, reveals that the company has taken steps to protect affected individuals from the possibility of identity theft or fraud. The breach is just one of many reported in recent months and years, highlighting the need for businesses to take strong measures to protect their systems and data against cyber threats.