NETWORK INTRUSION UPDATE —

Conservative News Corp. empire says hackers were inside its network for 2 years

News Corp. disclosed the breach last year. Now, company says it lasted 23 months.

Entrance to Fox News headquarters at NewsCorp Building in New York. (Photo by Erik McGregor/LightRocket via Getty Images)
Enlarge / Entrance to Fox News headquarters at NewsCorp Building in New York. (Photo by Erik McGregor/LightRocket via Getty Images)
Getty Images

News Corp., the parent company of The Wall Street Journal and several other news outlets, said that hackers were inside its network for nearly two years and made off with private documents and emails.

News Corp. first disclosed the breach in February 2022, in a filing with the Securities and Exchange Commission and an article in The Wall Street Journal. The company said at the time that it discovered “persistent cyberattack activity” a month earlier in a third-party cloud service it used. Security firm Mandiant, which aided News Corp. in investigating the intrusion, told the WSJ it believed the attack was conducted by a threat actor aligned with the Chinese government.

Last week, News Corp. sent a breach notification letter to at least one affected employee that provided additional details.

“Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the letter stated. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

The letter added that News Corp. wasn’t aware of any identity theft or fraud in connection with the data breach. A News Corp. representative said in an email the investigators “believe that this was an intelligence collection.” The email didn’t respond to questions asking if the focus of the two-year intrusion was focused on gaining private information concerning the company’s news gathering or reporting, how many employees were affected, or if investigators still believed the threat actor was aligned with the Chinese government.

Personal information obtained by the threat actor included employee names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information. Not all of this information was impacted for each affected Individual. News Corp. is offering affected employees free identity theft protection and credit monitoring for two years through Experian.

Channel Ars Technica