This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Guardian Australia

Summary

Guardian Australia disclosed in early February 2023 that approximately 140 current and former employees who were employed between February 2017 and May 2019 had their personal data compromised in a ransomware attack on the multinational news outlet. The cyberattack, which was first detected in late December 2022, was believed to have been triggered by a phishing attempt. The stolen data included highly sensitive employment information such as tax file numbers, bank account details, superannuation information, salaries, and addresses.

What Happened

The Guardian experienced what it described as "a highly sophisticated cyber-attack involving unauthorised third-party access to parts of our network" in late 2022. The attack was first reported in December 2022, and in January 2023, The Guardian confirmed it was likely a ransomware attack.

The company indicated the incident was "most likely triggered by a 'phishing' attempt in which the victim is tricked, often via email, into downloading malware." An employee appears to have fallen victim to a phishing email that allowed attackers to gain initial access to The Guardian's network.

Australian staff were notified about their compromised data in early February 2023, several weeks after the attack was first detected. The breach affected staff data stored in The Guardian's systems between February 2017 and May 2019, suggesting the attackers accessed archived or legacy HR systems.

Initially, The Guardian stated that personal data belonging to readers and subscribers, as well as US staff data, was not accessed. However, UK staff data was confirmed as compromised in January 2023, and the Australian disclosure followed in February.

Impact on Individuals

The breach affected some 140 current and former employees of Guardian Australia who were employed between February 2017 and May 2019. The compromised data included highly sensitive employment and financial information:

  • Tax file numbers
  • Bank account details
  • Superannuation information
  • Salaries
  • Addresses

The exposure of tax file numbers is particularly concerning, as these are permanent identifiers in the Australian tax system that cannot be easily changed, creating long-term identity theft risks. Combined with bank account details and salary information, the stolen data provides criminals with a comprehensive financial profile of affected employees.

The breach also affected former employees who may no longer have any relationship with The Guardian, meaning they might not have been expecting communications from the organisation and could be more vulnerable to targeted phishing attempts using the stolen information.

Organisational Response

Guardian Australia's Managing Director Dan Stinton and Editor Lenore Taylor sent an email to affected staff notifying them of the breach. The company engaged cybersecurity experts to investigate the incident and secure its systems.

The Guardian worked to contain the attack and restore normal operations, which took several weeks. The organisation notified relevant authorities and affected staff, and likely offered support such as credit monitoring services to help employees protect themselves from potential fraud or identity theft.

The incident highlighted the ongoing threat of phishing attacks to media organisations and the importance of employee security awareness training, as even sophisticated newsrooms with strong technical security can be compromised through social engineering tactics.

Verification Source: View original statement