Hackers accessed News Corp's network for two years
The company says the unauthorised access does not appear to have been targeted towards exploiting personal information
Media and publishing giant News Corp has disclosed that the threat actors who compromised the company ' s systems had access to its networks for about two years.
The New York-headquartered company revealed new details about the data breach in notification letters [pdf] sent to affected employees.
Last year, News Corp said it had detected cyberattacks on a business email and document storage system that was utilised by multiple businesses of the firm. The company first detected unauthorised activity on the storage system in January 2022.
The Wall Street Journal, which first reported on the incident last year, said that the breach impacted major news divisions of the company, including the New York Post, The Wall Street Journal, and the company's UK news operations.
News Corp now says that an unauthorised third party had gained access to some business documents and emails from a limited number of employee accounts within the compromised system between February 2020 and January 2022.
The personal data compromised during the breach included one or more of the following pieces of information for each impacted individual:
- name
- date of birth
- Social Security number
- driver ' s licence number
- passport number
- financial account information
- medical information
- health insurance information
While the company did not disclose the number of employees impacted, it said that the unauthorised access does not appear to have been targeted towards exploiting personal information.
Additionally, the company has no evidence of any incidents of identity theft or fraudulent activities related to this issue.
"We nonetheless are providing you notice of this issue because the investigation has determined that some of your personal information was contained in the relevant materials," News Corp said.
The media giant appears to be confident that the threat actors no longer have access to its network.
"We take our obligation to safeguard personal information very seriously and are alerting you about this issue so you can take steps to help protect yourself," it added.
The company is offering free identity protection and credit monitoring services through Experian to all affected employees for a period of 24 months.
When News Corp initially disclosed the hack, it claimed that the data breach was carried out by Chinese state-affiliated hackers.
Mandiant, which was hired by News Corp to investigate the breach, noted that the hackers had connections to China and that the breach was likely an espionage activity conducted to gather intelligence for the benefit of China's interests.
In October of last year, the New York Post revealed that it had been hacked when unknown attackers used its website and Twitter account to publish offensive headlines and tweets that targeted several US politicians.
The following day, the newspaper disclosed that one of its employees was responsible for the incident, and had been terminated.