News Corp admits China-linked hackers breached company for two years

Main entrance to News Corporation / Fox News headquarters in New York.
(Image credit: Getty Images)

Media giant News Corp is the latest organisation to have fallen victim to a lengthy data breach after revealing that hackers had access to company systems for nearly two years.

News Corp said it first discovered unauthorised activity on internal storage systems in January 2022. A subsequent investigation by the publisher found that threat actors gained access to business documents and email correspondence belonging to a “limited number of employees” beginning February 2020.

The company said that employee data is believed to have been compromised in the breach, and could include names, dates of birth, social security and driver's license details, passport numbers, or financial and health insurance information.

Several brands within the News Corp publishing group have been impacted by the breach, including the Wall Street Journal, New York Post, and some UK news publications.

“On 20 January 2022, News Corp discovered cyber attack activity on a business email and document storage system used by several News Corp businesses,” the company said in an employee notice.

“News Corp understands that, between February 2020 and January 2022, an unauthorised party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information.”

Although News Corp has not disclosed details on the number of employees affected by the breach, the firm noted that the incident “does not appear to be focused on exploiting personal information”.

The firm added that there is no indication that personal information has been used to conduct identity theft or fraud.

“We nonetheless are providing you notice of this issue because the investigation has determined that some of your personal information was contained in the relevant materials,” the advisory said.

Upon discovering the breach, News Corp said it notified US law enforcement and employed the services of a “leading cyber security firm”, believed to be Mandiant.

The firm said it “promptly took steps to contain the activity”, adding that the unauthorised party no longer has access to company systems.

“Based on the investigation to date, we have no evidence of ongoing unauthorised access to our systems,” the company said.

RELATED RESOURCE

Take control of diverse and rapidly evolving enterprise risks

Effectively manage and report on risk and compliance

FREE DOWNLOAD

Experts have criticised the company for failing to spot the intrusion for so long.

Julia O’Toole, CEO at MyCena Security Solutions, told IT Pro that given the timescale and despite News Corp's belief that the stolen data has not been used in fraud campaigns, staff are under "much greater risk of financial fraud and identity theft".

"Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realised, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks," she said.

Long-term breach

News Corp’s disclosure follows a recent announcement by GoDaddy that the company had experienced a similar lengthy breach lasting nearly three years.

Earlier this month, the domain hosting site revealed it had fallen victim to a ‘multi-year’ security incident which saw hackers steal source code and install malware that redirected sites to malicious pages.

An investigation by the firm found that several security incidents in recent years were attributed to the breach and carried out by the same threat actor.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.