News Corp admits hackers had access to its systems for two years
Threat actors were inside its networks between January 2020 to February 2022.
The threat actors who infiltrated News Corp., the company that owns The Wall Street Journal and other news outlets, apparently had access to its network for two full years. In February last year, News Corp. admitted that it had discovered a security breach a month earlier and that hackers broke into a third-party cloud service that contained employees' information. Now, according to Ars Technica, the company has sent a breach notification letter (PDF) to at least one affected personnel. In it, the company has admitted that "an unauthorized party" gained access to business documents and emails in some employees' accounts between February 2020 and January 2022.
When News Corp. announced the breach, the security firm (Mandiant) that investigated the intrusion said it believes the threat actor was connected to the Chinese government. Further, it said the company was most likely attacked to gather intelligence for the country. In an email to Ars, a representative said News Corp. continues to believe "that this was an intelligence collection," but didn't respond to a question asking if investigators still think the hackers were linked to China.
The company has revealed in the letter, though, that the bad actors may have gotten a hold of employees' names, birth dates, Social Security number, driver's license and passport numbers, as well as their financial, medical and heath insurance information. "Not all of this information was impacted for each affected individual," it added. News Corp. said that it hasn't heard any incidents of identity theft or fraud resulting from the security breach so far, but it's offering affected employees two years of identity protection and credit monitoring.
"Our investigation indicates that this activity does not appear to be focused on exploiting personal information," News Corp. wrote in its letter. However, it didn't reveal that details of the documents and emails the threat actors were able to access, and it didn't say if they were specifically looking for information connected to the company's reporting.