Personal data of Guardian staff breached in cyberattack

Data for 140 workers at Australian newspaper includes bank account details, salaries, addresses

Personal data of Guardian staff breached in cyberattack

Australian staff of The Guardian had their data compromised in a cyberattack that hit the multinational news outlet in late 2022, according to a new report.

Some 140 current and former employees of the outlet who were employed between February 2017 and May 2019 were affected by the breach, The Sydney Morning Herald reported, citing an email from The Guardian's Australian managing director Dan Stinton and editor Lenore Taylor.

Tax file numbers, bank account details, superannuation information, salaries, and addresses were among the data potentially accessed by the hackers, according to the news outlet.

However, they also noted that because key servers of the news outlet were corrupted, they couldn't identify the information potentially accessed by the hackers until they were rebuilt.

"Our Australia and London teams have been working urgently to enable us to understand whether and which documents and personal data might have been accessed," Stinton and Taylor wrote in the email seen by The Sydney Morning Herald.

A spokeswoman from the news outlet told The Sydney Morning Herald that they have yet to see evidence of employees' personal data being leaked online.

A credit monitoring service is also implemented for all employees, as the spokeswoman assured that they "continue to monitor" the situation.  

The announcement to staff came after The Guardian said in January that it didn't believe that personal data of Guardian US and Guardian Australia staff were accessed.

As of 2022, The Guardian Australia has 924 people employed in the editorial and production category, according to data Statista, while it has 565 staff members in sales, distribution, and support categories.

Ransomware attack

The attack was first reported in December 2022, which The Guardian believed was a "ransomware attack," prompting the company to launch work-from-home arrangements.

In January, it confirmed the incident as a "highly sophisticated cyber-attack involving unauthorised third-party access to parts of our network."

The company said the incident is "most likely triggered by a 'phishing' attempt in which the victim is tricked, often via email, into downloading malware."

Employees are more likely to become victims of HR-related phishing emails, a new report has found, which underscored how business-related frauds are gaining momentum.

Cyberattacks hit more Australian firms

The incident adds to the growing list of local organisations that fell prey to cyberattacks in 2022. Australian telecommunications company Optus and private health insurer Medibank were also hit by data hacks in 2022, prompting the government to introduce legislation that will crackdown on organisations that fail to protect sensitive information.

A survey by property experts InfoTrack also found that 16% have been impacted by cybercrime, the most common of which was phishing and pharming.

"Many of these businesses are small operations which don't usually have staff dedicated to managing technology. They also hold confidential information including 100-point ID check records, such as passports and driver licences. These make them top targets for email phishing, identity theft and payment redirection scams," said Sebastian Mill, InfoTrack's chief technology officer.

Following the incidents with Optus and Medibank, however, 98% of their respondents said they implemented cybersecurity measures, while 73% said they took cybersecurity very seriously.

According to Mill, the safest way to ensure data security is to use an e-conveyancing workspace and a secure communication channel.

All employees should also undergo annual cybersecurity training for all employees, suggested InfoTrack. Other measures include having an email provider with multifactor authentication and a paid antivirus software. 

Recent articles & video

2 in 3 Australians OK with date change for Australia Day

Former security services firm fined for failing to act on Compliance Notice

Independent contractor or not: Worker asserts oral contract

Worker hired through labour hire company challenges employment status

Most Read Articles

Queensland resolves dispute on long service leave entitlements

From full-time to casual: 'Struggling' employer converts worker's role without consent

Woolworths fined $1.2-million for underpaying long service leave of employees