Guardian says employee records compromised in ransomware attack
The hack likely resulted from a phishing effort
The Guardian has confirmed that ransomware was to blame for the crippling cyberattack that forced it to close its UK offices last month.
In an update sent to employees on Wednesday, Anna Bateson, CEO of Guardian Media Group, and Katharine Viner, editor-in-chief acknowledged the data breach and said that hackers had gained access to the personal information of UK staff members.
Employees were informed that the hack likely resulted from a phishing effort and entailed unauthorised third-party access to a portion of the company's network.
The Guardian informed UK staff that hackers had gained access to their private information.
Around 1,500 people work for the newspaper worldwide, with 90% based in the UK.
The media firm said it had no grounds to suspect that subscribers' and readers' personal information had been accessed. Personal information of Guardian employees in the US and Australia is also not thought to have been accessed.
As per the message sent to employees, there has been no evidence of data exposure online, so the risk of fraud is seen as minimal.
"We believe this was a criminal ransomware attack, and not the specific targeting of The Guardian as a media organisation," said Bateson and Viner.
"These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries."
"We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely," they added.
The cyber incident was first identified on December 20, and at that time The Guardian said it significantly affected the firm's IT infrastructure, including several behind-the-scenes services.
Most Guardian employees have been working from home since then, although they have been able to maintain the production of a daily newspaper. Online publishing has continued unaffected following the incident.
Employees' return to office work has been delayed until early February in order to give IT staff time to focus on network and system restoration. The company expects most core systems to be back up and operating within the next two weeks.
There has been no more information released concerning the persons or organisations suspected of being involved, and it is unclear if a ransom demand was made to The Guardian or whether any money was paid.
The incident has been reported to the Information Commissioner's Office, as well as the UK police.
With approximately 390 million visitors in November, The Guardian is the ninth most-read news website, according to the Press Gazette.