Inquirer Publisher and Chief Executive Officer Lisa Hughes announced Friday that Philadelphia Inquirer subscribers, employees, former employees, and family members of employees participating in the company's benefit plan It was announced that 25,500 people may have had their personal information compromised in a cyberattack in May.
The company said in an internal email to employees that outside cybersecurity experts found no evidence that the data was being used to commit identity theft or fraud. Hughes said in an email response to his follow-up questions that Social Security numbers, driver's license numbers, financial account information and medical information may have been accessed.
The company will send letters to those who may have been affected detailing what information was compromised and will offer free credit monitoring and identity recovery services.
The update came at the end of what the Inquirer called a “complex, systematic and lengthy process” to investigate the incident.
Hughes said the investigation was unable to identify specific individuals or their motives behind the attack. She declined to say what files may have been affected, citing confidentiality.
Cyberattacks have more than doubled in recent years and pose a major threat to businesses, governments, and consumers around the world.
Locally over the past year, the City of Philadelphia, Pennsylvania Courthouse, Bucks County Emergency Management Agency, Comcast, and Atlantic City's Borgata have responded to attacks, some of which caused significant disruption to operations for several days. There were also cases where people's health conditions and confidential information could be leaked. Financial information.
Inquirer cyber attack
The incident with The Inquirer came to light on May 11, 2023, when Cynet, the vendor that manages its security, alerted the company to suspicious network activity. By May 13, 2023, the Inquirer's content management system, where reporters and editors write and edit articles, was down, and a workaround had to be created to publish articles online.
A few days after the incident, Hughes said the Inquirer “discovered unusual activity on some computer systems and immediately took those systems offline.” The company also notified the FBI.
The Inquirer was unable to print its regular Sunday newspaper, and employees on hybrid schedules with one mandatory day were not allowed access to the newsroom for several days. Digital publishing was not affected.
A ransomware group called Cuba, which has hacked other companies and governments around the world, later claimed responsibility for the attack and posted online what it said were Inquirer files containing stolen Inquirer data. . But the next day, Cuba removed the claim from its site on the dark web. Hughes said at the time that the company had seen no evidence that the Inquirer information was actually shared. In response to questions at the time, the Inquirer did not say whether it had paid a ransom in exchange for removing the claims.
In recent years, ransomware attacks have targeted news organizations such as the Los Angeles Times, which suffered widespread disruption in a 2018 attack. In such incidents, malicious software locks the user out of the system and demands payment to restart the system.
In the months since the Inquirer incident, the company has strengthened its digital security, including requiring multi-factor authentication on its systems.
“The Inquirer takes the security of this event and the information very seriously,” Hughes said. “Investigators regularly assess the evolving risk landscape and implement controls to mitigate those risks.”