News Corp has revealed that a previously acknowledged breach was much worse than originally thought.
News Corp, which owns The Wall Street Journal, revealed in February 2022 that it had suffered a cybersecurity breach. The company said the breach involved “persistent cyberattack activity” in a third-party cloud service it used.
Unfortunately, in a breach notification first spotted by Ars Technica, the company has admitted that the breach went on for two years:
“Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the letter stated. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”
The company did say that it does not believe any fraud or identity theft has been committed as a result of the breach. Instead, News Corp told Ars that investigators “believe that this was an intelligence collection.”
That conclusion would certainly be in line with conclusions gathered last year when the breach was first discovered. At the time, News Corp enlisted security firm Mandiant to help it resolve the situation. Mandiant’s conclusion was that the attack was carried out by hackers affiliated with the Chinese government.