Publishing giant News Corp revealed that attackers behind a breach disclosed in January 2022 had persistent access to part of its internal system for over two years.
In a letter sent to employees last week, the company said attackers have gained access to a business and document storage system used by several News Corp businesses and obtained employees’ personal and health information.
The attack affected the media giant’s multiple publications and business units, including The Wall Street Journal, the New York Post and its U.K. news operations.
According to the letter, the affected employees’ information may have included names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, financial account information, medical information and health insurance information.
A News Corp spokesperson did not tell SC Media how many employees were impacted but said it is “a limited number.”
Two years dwell time
While News Corp admission that hackers were on its network for two years is uncommon, Connie Stack, data protection advisor and CEO of data loss protection firm Next DLP, said many organizations face challenges identifying breaches in a timely manner.
Indeed, according to IBM’s 2022 Data Breach Report, organizations took an average of 277 days—about nine months—to identify and contain a breach.
“The number one reason cyber-intrusions get missed is alert fatigue. Alert fatigue happens when security and risk professionals are exposed to a large and frequent number of alerts and ultimately become desensitized
Read more