In May 2023, the Philadelphia Inquirer, the largest newspaper in Philadelphia by circulation, faced a severe cybersecurity incident. The breach was initially detected after an unexpected shutdown of the newspaper’s content management system, leading to a significant disruption of its operations including the temporary cessation of its print publication. In response, the Inquirer took several of its computer systems offline and enlisted the help of Kroll forensics experts to investigate the scope and nature of the breach. This cyberattack not only hindered their daily operations but also compromised the personal and financial information of 25,549 individuals.
Upon discovery, the Inquirer quickly responded by working with cybersecurity specialists to determine the extent of the breach. It was found that an unauthorized party had gained access to the newspaper’s systems, viewing and potentially copying sensitive files between May 11 and May 13, 2023. The data accessed included names, financial account numbers, and credit/debit card details along with security codes, access codes, passwords, or PINs. To mitigate the damage and support those affected, the Inquirer offered 24 months of free credit monitoring and identity restoration services through Experian.
Shortly after the incident was made public, the Cuba ransomware gang claimed responsibility for the attack. They alleged to have stolen extensive financial documents, correspondence, tax records, compensation details, and even source code from the Inquirer’s servers. This group is known for its past activities involving ransom demands from its victims, which they reinforce by leaking stolen data on the dark web. However, the situation took a turn when the Inquirer contested the authenticity of the documents leaked, leading the ransomware group to eventually remove the entry regarding this breach from their website.
This incident underscores the vulnerabilities faced by organizations globally, particularly those in media which are often targets for cybercriminals due to the sensitive nature of the information they handle. It also highlights the complexities of responding to ransomware attacks where negotiation with criminals can sometimes lead to more complications. The breach at the Philadelphia Inquirer is a stark reminder of the need for robust cybersecurity measures and the importance of rapid response and transparency in dealing with stakeholders following a security breach.