The Guardian has warned its staff that sensitive personal information including their salaries, bank details and passport numbers were exposed when the media group was hit by a “highly sophisticated” ransomware attack last month.
The company said that its internal systems were breached through a successful phishing attack, in which an employee is tricked into giving away access details to a third party.
“It’s now clear that we experienced a highly sophisticated cyber attack involving unauthorised third-party access to parts of our network, which appears to have been triggered by a phishing attack,” staff were told in an email on Wednesday by Katharine Viner, the Guardian’s editor-in-chief, and Anna Bateson, chief executive of Guardian Media Group.
Personal information that the company said was “accessed” includes: “name, National Insurance number, address, date of birth, bank account, salary, identity documents such as passports”.
They added that the company had alerted the Information Commissioner’s Office of the data breach stemming from “criminal ransomware”.
The Guardian did not disclose how it was dealing with the attackers or whether a ransom demand had been made but the email did say it had “seen no evidence that any data has been exposed online thus far”.
A spokesman told the FT that they did not think any subscriber or reader information had been accessed.
“There have been a steady stream of attacks against media groups over the last 12 months, 62 in total,” said Matt Hull, global head of threat intelligence at NCC Group. “The biggest motivation in these attacks is almost always financial gain.”
Hull added that the Guardian risked potential fines if the Information Commissioner’s Office concluded that the company had failed to take sufficient measures to prevent or contain a personal data breach.
The Guardian said that its US and Australian offices were not affected by the attack, although it is expected to prevent the majority of staff from working at its London headquarters until at least early February as IT experts gradually bring the office systems back online and ensure there is no hidden malware left in its servers.