Briefs

Four months later, Cox Media confirms ransomware attack

The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June.

In breach notification letters filed with US state attorneys’ offices this week, CMG acknowledged the incident for the first time after it previously warned employees not to confirm the intrusion or share details about the attack with the press. The acknowledgment also comes more than four months after the attack took place.

CMG said the incident only impacted “a small percentage of servers” that were encrypted by a ransomware group.

Although the intruders asked for a ransom demand to decrypt affected servers, CMG said they responded by taking the servers offline.

“CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident,” it explained.

The company also said that a recent investigation found that the intruders tried and failed to copy HR-related files from one of the breached servers.

CMG said that even if the attackers didn’t manage to remove the files, the company is now notifying all employees who had data stored in those files after sending an initial set of notifications earlier this year, on July 30.

Personal data stored in the files included the likes of:

  • names
  • addresses
  • Social Security numbers
  • financial account numbers
  • health insurance information
  • health insurance policy numbers
  • medical condition information
  • medical diagnosis information
  • online user credentials

Since the June 3 attack, no ransomware gang has stepped forward to take credit for the Cox Media Group intrusion or to threaten to leak files from the company.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Facebook testing end-to-end encryption as a default on Messenger

Facebook has long been criticized for not using end-to-end encryption as a default option for…

17 hours ago

CISA orders civilian agencies to patch Zimbra bug after mass exploitation

The Cybersecurity and Infrastructure Security Agency added two vulnerabilities found in products from digital collaboration…

19 hours ago

AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach

Telecommunications giant AT&T denied any connection to a database of stolen information that included the…

20 hours ago

U.S. shares photo of alleged Conti suspect, offers $10 million for intel

The U.S. State Department on Thursday said that it was offering a $10 million reward…

20 hours ago

Suspected Tornado Cash developer arrested in Netherlands

Financial crime authorities in the Netherlands announced Friday that they had arrested a 29-year-old man…

1 day ago

NHS working with U.K. cyber authorities to assess ransomware attack on IT vendor

The United Kingdom’s National Health Service said it is working with the country’s National Cyber…

2 days ago