News

Guardian staff have had their personal information accessed by hackers

Staff at the Guardian have had personal and confidential information accessed in a sophisticated cyberattack. The compromised data, according to editor-in-chief Katharine Viner, includes the names, addresses, bank account information, salaries, and passport documents of Guardian reporters. The hack has been going on for almost a month and has impacted some of the paper’s operations.  

In an email to staff, Ms Viner said that initial investigations had uncovered that some files containing the personal data of UK staff were accessed in the hack, which is now believed to be a phishing attack leading to a ransomware incident . The paper has promised to support staff given that there is a confirmed risk and the incident has been reported to the relevant authorities. Reader and subscriber data is not thought to have been accessed at this time.  

At Keller Postman UK, we have seen victims of similar data breaches become the target of cybercriminals, with instances of fraud, blackmail, and identity theft. And, despite claims from the paper that there appeared to be “no evidence that any data has been exposed online thus far”, affected Guardian employees are at high risk of being targeted by cybercriminals and should take immediate steps to protect themselves. 

Data exposed in similar hacks has subsequently been sold on the dark web, with the impact not always apparent until months later. By implementing security steps now, Guardian employees stand a better chance of protecting themselves should their stolen data be used against them in the future.  

While the Guardian was a victim of a criminal hack, there are signs that poor data security processes at the paper may have made the breach more likely. For example, one media report states that Guardian staffers were unable to regularly change their passwords as staff were made to “file a special request to the company’s IT department in order to alter login information”. Such an outdated process meant that “many staff had not altered their passwords in several years”.  

At Keller Postman UK, we have launched an investigation to find out what happened, and how this breach affects Guardian employees. We believe that failures to adopt standard security measures may have made this attack easier and we plan to launch a data breach group action to help affected employees in England & Wales claim compensation for the security failures.   

If you have received notification that you are involved in the Guardian data breach, register below to join our action and receive updates on our investigation.  

Deborah Stuttard

Share
Published by
Deborah Stuttard
2 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

6 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago