‘Limited number’ of News Corp employees sent breach notification letters after January cyberattack

Employees of News Corp are being sent breach notification letters this week following a January 2022 breach that the company believes the Chinese government was behind. 

On Wednesday, News Corp submitted documents to Massachusetts confirming the breach. A News Corp spokesperson would not tell The Record how many people were sent letters but at least one person in Massachusetts was sent a copy.

The spokesperson confirmed that the breach notification letters were sent in connection to the January 2022 incident but they added that it affected a “limited number” of employees, something they announced last year. The vast majority of employees were not targeted, according to the spokesperson.

News Corp owns The Wall Street Journal, Dow Jones, the New York Post and several other media properties. 

News Corp reported in SEC filings that its investigation indicated that a “foreign government involvement may be associated with this activity, and that data was taken.”

In the letters first reported by Bleeping Computer and dated 2/22/2023, News Corp says they initially discovered the cyberattack on January 20, 2022, when a business email and document storage system used by several News Corp businesses was accessed.

Law enforcement was contacted and security firm Mandiant was hired to respond to the incident. 

“Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the breach notification letters said.  

“Our investigation indicates that this activity does not appear to be focused on exploiting personal information. We are not aware of reports of identity theft or fraud in connection with this issue.” 

The information included in the breach ranged from names and dates of birth to Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information.

They are offering victims two years of free identity protection and credit monitoring through Experian. 

After the attack was announced, Mandiant told The Wall Street Journal that they believe the attack was carried out by a threat actor operating in the interests of the Chinese government.

It was the second time Chinese state-backed hackers hacked the Wall Street Journal after another incident in 2013.