Elizabeth Weise reports:
A phishing email attack potentially compromised the accounts of as many as 18,000 current and former employees of media company Gannett Co.
As of Tuesday there was no indication of access to or acquisition of any sensitive personal data from employees’ accounts, said the company.
Gannett Co. (GCI) is the owner of USA TODAY, the publisher of this report, and 109 local news properties across the United States.
The attack was discovered on March 30 and investigated by Gannett’s cybersecurity team. It appeared to originate in emails to human resources staff.
Read more on USA Today.
From Gannett’s notification letter, a copy of which was uploaded to the California Attorney General’s site:
On Thursday, March 30, 2017, we discovered that several members of our HR department were victims of a phishing attack that compromised their Office 365 account login credentials, including their Gannett email. The perpetrator used those credentials to send further phishing emails from some of the impacted personnel’s accounts, and also attempted to use an account for a fraudulent corporate wire transfer request. This attempt was identified by our finance team as suspicious and was unsuccessful.
Upon discovering this incident, we took immediate action to lock down the impacted accounts and alert other Gannett employees about the phishing email to prevent others from being victimized by the phishing scheme as well. We also began an investigation to understand the scope of the incident, confirmed that other Gannett systems were unaffected, and contacted federal law enforcement.
At this time, there is no indication that there was any acquisition of any sensitive personal data. Nevertheless, we are providing this notice out of an abundance of caution because your information was available through some of the affected HR account login credentials, and potential access to or acquisition of that information, before the accounts were locked down, could not be definitively ruled out.