Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dow Jones Suffers Data Breach

Malicious Hackers Target Subscriber Information in Dow Jones Breach

Business news and financial information provider Dow Jones & Company revealed on Friday that its systems had been breached by malicious actors who might have stolen subscriber information.

Malicious Hackers Target Subscriber Information in Dow Jones Breach

Business news and financial information provider Dow Jones & Company revealed on Friday that its systems had been breached by malicious actors who might have stolen subscriber information.

The News Corp-owned company and publisher of the Wall Street Journal told customers that it learned of the breach after it was alerted by law enforcement in late July. Following an investigation conducted in collaboration with a cyber security firm, Dow Jones determined that attackers accessed its systems “at certain times” between August 2012 and July 2015.

According to law enforcement, Dow Jones is just one of the several organizations targeted by malicious actors as part of a broad campaign. In the case of the financial news provider, the hackers appear to have targeted the contact details of current and former subscribers, including names, addresses, email addresses and phone numbers, information which they wanted to use to send out fraudulent solicitations.

The attackers might have also accessed financial information, including payment card and contact details, belonging to roughly 3,500 individuals. However, there is no direct evidence that any information has actually been stolen or misused, Dow Jones CEO William Lewis said in a letter sent out to customers last week.

Individuals whose financial details have been exposed will receive letters informing them about the incident and they will be offered free identity protection services. Dow Jones believes there is no need for customers to change their passwords since the information is encrypted, but it’s unclear what type of encryption or hashing system has been used.

Regarding the more than two month delay in notifying customers, Lewis said the company’s goal has been to quickly contain and investigate the breach, and then provide accurate information as soon as possible.

Dow Jones customers concerned about their online account are advised to contact the company’s customer service department at 1-800-JOURNAL.

Advertisement. Scroll to continue reading.

“In today’s world – where literally anyone connected to the Internet is vulnerable – it’s no longer just a question of spending, it’s a question of processes and skills. Following the Dow Jones breach, I’m heartened that the CEO has publically said that no company is immune to cyberattacks. Solely recognizing that all organizations need comprehensive security solutions is the first step to reducing the onslaught of breaches we’ve witnessed over the last few years,” Grayson Milbourne, security intelligence director at Webroot, commented on the incident.

“As large company breaches have revealed, security isn’t always a question of budget but also a question of skills and background checks. The name of the game is to find out what is going on in an environment and reduce the risk,” Milbourne told SecurityWeek. “Overall, there is a clear trend of attacks that aim to compromise companies who store vast amounts of user data. These businesses need to prepare for continued attacks by updating their security policies and systems to be on high alert.”

This is not the first time Dow Jones has been targeted by malicious hackers. The company was one of the many victims of an international hacking scheme in which the members of a criminal enterprise caused $300 million in losses between 2005 and 2012. The crime syndicate, whose leader recently pleaded guilty in a US court to charges of conspiracy to commit wire fraud and unauthorized access of protected computers, is said to have stolen 10,000 login credentials from Dow Jones.

The Wall Street Journal has also been targeted by malicious actors. The company took some of its computers offline in July 2014 after detecting an intrusion.

Related Reading: US Busts Hacking/Insider Trading Ring

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.