Phishing Attack Potentially Compromised 18k Employees

In nearly every industry, phishing emails are all but scarce. Not all make headlines. And never are two separate instances identical. Each company might face different degrees of fallout. And many factors are responsible for this. One of which is the size of the company—and a recent phishing attack at a US media company Gannett Co—exemplifies the type of large company where more money is at risk. Of course, as all too familiar in this day and age, healthcare is the greatest target.

Other than a recent Netflix breach, the focus has not been directed towards media companies.

Gannett Co, a massive digital and physical media publisher of 109 newspapers and the owner of USA Today, announced a recent “phishing email attack.” The incident occurred on March 30, the announcement explained. In a press release in their flagship media and news company, USA Today, Gannett Co. outlined the details of the breach.

“A phishing email attack potentially compromised the accounts of as many as 18,000 current and former employees from media company Gannett Co.,” the announcement began. The number of employees either employed or formerly employed created a cause for concern. In 2016, the company reported the total number of employees: 24,000. And as a general rule, a company only employs such a high number of employees in a lucrative industry.

Gannett Company, in the 2016 report, announced a revenue of $3 billion, regardless of the of the true income, that figure indicated the financial scale of their market. A perfect example of a company with a lot to lose. However, according to their announcement, “sensitive personal data” was lost in the breach.

However, according to the Associated Press, “18,000 current and former employees knew hackers may have had access to their personal information after the email accounts of people who work in its human resources department.” So, the definition of sensitive information may not include “sensitive personal data.”

The company‘s in-house security team discovered the breach. Plixer International Director of Marketing and Strategic Relationships Bob Noel wrote that it “appears that the breach at Gannet was pulled off after a hacker was able to compromise the Office 365 credentials of some HR employees.” Then, after they obtained access to “actual employee email accounts, they were able to impersonate HR with what appeared to be a valid email to Gannett employees.”

Despite the fact that as many as 18,000 employees lost personal or sensitive information in the attack, the hacker’s endgame was thwarted. The entity initiated a corporate wire request from an account that the hacker suspected would fly under the radar. “The attempt was identified by Gannett’s finance team as suspicious and was unsuccessful.” This, if sensitive information truly avoided the eyes of the hacker, played out well for the company.

Despite the now-vulnerable information of 18,000 employees and potentially significant amount of money on the line via stock prices, this attack caused less damage than some attacks that occur on a much smaller scale. “Hackers have become so proficient with phishing emails that they can fool even the savviest of tech users (HR Department) which proves that people are the weakest link in the security chain,” Noel said.