US Newspaper giant Gannett, owner of the USA Today newspaper (to name just one), has announced through the website of the aforementioned newspaper, that they have been hit by a data-breach as a result of a phishing attack.
A phishing email attack potentially compromised the accounts of as many as 18,000 current and former employees of media company Gannett Co.
As of Tuesday there was no indication of access to or acquisition of any sensitive personal data from employees’ accounts, said the company.
Gannett Co. (GCI) is the owner of USA TODAY, the publisher of this report, and 109 local news properties across the United States.
The attack was discovered on March 30 and investigated by Gannett’s cybersecurity team. It appeared to originate in emails to human resources staff.
The announcement then goes on to announce the steps taken by the media company to alert affected employee:
The 18,000 current and former employees of the company will be sent notices about the incident and offer of credit monitoring via the US Postal Service. No customer account information was touched by the phishing attack.
They will be provided with an offer of credit monitoring because employee information was potentially available through some of the affected account login credentials before the accounts were locked down.
Limited information on phishing in general is followed by a short sentence that indicates that Gannett’s financial team spotted a fraudulent wire transfer that the attacker attempted to make using stolen credentials:
Phishing attacks are a common method used by attackers to infiltrate computer networks. They typically consist of faked emails sent to an employee that entice them to click on a link that unleashes malicious software that can compromise their computer accounts. Once in a network, attackers can then leapfrog to other accounts, working their way deeper into the system.
In the Gannett attack, the infiltration was discovered when the perpetrator attempted to use a co-opted account for a fraudulent corporate wire transfer request. The attempt was identified by Gannett’s finance team as suspicious and was unsuccessful.
There are a few technologies which would have helped here – decent firewalls might have helped, Two-Factor Authentication (2FA) could have helped, Data Loss Preventions Solutions could also have helped. All these solutions are well within the reach of even a small business, so for a large enterprise like Gannett to not have these bases covered shows a fundamental lack of understanding of how important these types of protection are.
Would you want to bet that they now implement such technologies?