Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dow Jones Suffers Data Breach

Malicious Hackers Target Subscriber Information in Dow Jones Breach

Business news and financial information provider Dow Jones & Company revealed on Friday that its systems had been breached by malicious actors who might have stolen subscriber information.

Malicious Hackers Target Subscriber Information in Dow Jones Breach

Business news and financial information provider Dow Jones & Company revealed on Friday that its systems had been breached by malicious actors who might have stolen subscriber information.

The News Corp-owned company and publisher of the Wall Street Journal told customers that it learned of the breach after it was alerted by law enforcement in late July. Following an investigation conducted in collaboration with a cyber security firm, Dow Jones determined that attackers accessed its systems “at certain times” between August 2012 and July 2015.

According to law enforcement, Dow Jones is just one of the several organizations targeted by malicious actors as part of a broad campaign. In the case of the financial news provider, the hackers appear to have targeted the contact details of current and former subscribers, including names, addresses, email addresses and phone numbers, information which they wanted to use to send out fraudulent solicitations.

The attackers might have also accessed financial information, including payment card and contact details, belonging to roughly 3,500 individuals. However, there is no direct evidence that any information has actually been stolen or misused, Dow Jones CEO William Lewis said in a letter sent out to customers last week.

Individuals whose financial details have been exposed will receive letters informing them about the incident and they will be offered free identity protection services. Dow Jones believes there is no need for customers to change their passwords since the information is encrypted, but it’s unclear what type of encryption or hashing system has been used.

Regarding the more than two month delay in notifying customers, Lewis said the company’s goal has been to quickly contain and investigate the breach, and then provide accurate information as soon as possible.

Dow Jones customers concerned about their online account are advised to contact the company’s customer service department at 1-800-JOURNAL.

Advertisement. Scroll to continue reading.

“In today’s world – where literally anyone connected to the Internet is vulnerable – it’s no longer just a question of spending, it’s a question of processes and skills. Following the Dow Jones breach, I’m heartened that the CEO has publically said that no company is immune to cyberattacks. Solely recognizing that all organizations need comprehensive security solutions is the first step to reducing the onslaught of breaches we’ve witnessed over the last few years,” Grayson Milbourne, security intelligence director at Webroot, commented on the incident.

“As large company breaches have revealed, security isn’t always a question of budget but also a question of skills and background checks. The name of the game is to find out what is going on in an environment and reduce the risk,” Milbourne told SecurityWeek. “Overall, there is a clear trend of attacks that aim to compromise companies who store vast amounts of user data. These businesses need to prepare for continued attacks by updating their security policies and systems to be on high alert.”

This is not the first time Dow Jones has been targeted by malicious hackers. The company was one of the many victims of an international hacking scheme in which the members of a criminal enterprise caused $300 million in losses between 2005 and 2012. The crime syndicate, whose leader recently pleaded guilty in a US court to charges of conspiracy to commit wire fraud and unauthorized access of protected computers, is said to have stolen 10,000 login credentials from Dow Jones.

The Wall Street Journal has also been targeted by malicious actors. The company took some of its computers offline in July 2014 after detecting an intrusion.

Related Reading: US Busts Hacking/Insider Trading Ring

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.