Dow Jones Suffers Data Breach

Malicious Hackers Target Subscriber Information in Dow Jones Breach

Business news and financial information provider Dow Jones & Company revealed on Friday that its systems had been breached by malicious actors who might have stolen subscriber information.

The News Corp-owned company and publisher of the Wall Street Journal told customers that it learned of the breach after it was alerted by law enforcement in late July. Following an investigation conducted in collaboration with a cyber security firm, Dow Jones determined that attackers accessed its systems “at certain times” between August 2012 and July 2015.

According to law enforcement, Dow Jones is just one of several organizations targeted by malicious actors as part of a broad campaign. In the case of the financial news provider, the hackers appear to have targeted the contact details of current and former subscribers, including names, addresses, email addresses and phone numbers, information which they wanted to use to send out fraudulent solicitations.

The attackers might have also accessed financial information, including payment card and contact details, belonging to roughly 3,500 individuals. However, there is no direct evidence that any information has actually been stolen or misused, Dow Jones CEO William Lewis said in a letter sent out to customers last week.

Individuals whose financial details have been exposed will receive letters informing them about the incident and they will be offered free identity protection services. Dow Jones believes there is no need for customers to change their passwords since the information is encrypted, but it’s unclear what type of encryption or hashing system has been used.

Regarding the delay of more than two months in notifying customers, Lewis said the company’s goal has been to quickly contain and investigate the breach, and then provide accurate information as soon as possible.

Dow Jones customers concerned about their online account are advised to contact the company’s customer service department at 1-800-JOURNAL.

“In today’s world – where literally anyone connected to the Internet is vulnerable – it’s no longer just a question of spending, it’s a question of processes and skills. Following the Dow Jones breach, I’m heartened that the CEO has publicly said that no company is immune to cyberattacks. Solely recognizing that all organizations need comprehensive security solutions is the first step to reducing the onslaught of breaches we’ve witnessed over the last few years,” Grayson Milbourne, security intelligence director at Webroot, commented on the incident.

“As large company breaches have revealed, security isn’t always a question of budget but also a question of skills and background checks. The name of the game is to find out what is going on in an environment and reduce the risk,” Milbourne told SecurityWeek. “Overall, there is a clear trend of attacks that aim to compromise companies who store vast amounts of user data. These businesses need to prepare for continued attacks by updating their security policies and systems to be on high alert.”

This is not the first time Dow Jones has been targeted by malicious hackers. The company was one of the many victims of an international hacking scheme in which the members of a criminal enterprise caused $300 million in losses between 2005 and 2012. The crime syndicate, whose leader recently pleaded guilty in a US court to charges of conspiracy to commit wire fraud and unauthorized access of protected computers, is said to have stolen 10,000 login credentials from Dow Jones.

The Wall Street Journal has also been targeted by malicious actors. The company took some of its computers offline in July 2014 after detecting an intrusion.

Related Reading: US Busts Hacking/Insider Trading Ring

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
