LONDON: A ransomware attack undermined The Guardian’s systems last month exposing UK staff personal data but not subscribers’ information to theft, the Guardian Media Group has confirmed.
The news was revealed on Wednesday by the group’s chief executive, Anna Bateson, and the newspaper’s editor-in-chief, Katharine Viner, in an update emailed to staff.
The Guardian stressed it had no reason to believe the personal data of readers and subscribers had been accessed.
The incident was a “highly sophisticated cyberattack involving unauthorized third-party access to parts of our network,” The Guardian senior management wrote.
They highlighted the attack was most likely triggered by a phishing attempt in which a target was tricked into downloading malware.
But, according to the email message to staff, there was no evidence of data being exposed online, meaning the risk of fraud was potentially low.
Also, it was not believed that the personal data of Guardian US and Guardian Australia staff had been accessed either.
The Information Commissioner’s Office, the UK’s data watchdog, has been informed of the attack, as well as the British police.
The attack was detected on Dec. 20 last year and targeted parts of the company’s technology infrastructure.
The Guardian has been using external experts to gauge the extent of the attack and to recover its systems.
According to a government report last year, two-in-five UK businesses had reported cybersecurity breaches or attacks in the previous 12 months.