Gannett Company was hit with a phishing attack that may have compromised the accounts of as many as 18,000 current and former employees.
Officials said the attack appears to have originated from a malicious email sent to human resources staff and was spotted on March 30 when the perpetrator attempted to use one of the compromised accounts for a fraudulent corporate wire transfer request that was flagged as suspicious, according to USA Today which is owned by Gannett.
Although Gannett did not explicitly state which information was compromised, it will be notifying those affected as well as offering credit monitoring services because employee information was potentially available through some of the affected accounts before administrators could shut them down.
The attack appears to have been carried out by an attacker who was able to compromise the Office 365 credentials of some HR employees, Plixer International Director of Marketing and Strategic Relationships Bob Noel told SC Media.
“Once the hacker got control of actual employee email accounts, they were able to impersonate HR with what appeared to be a valid emails to Gannett employees (although in actuality they were themselves phishing attacks),” Noel said. “The lesson learned here is if you unexpectedly receive a digital request to provide personal information, before hitting send, you should pick up the phone and verify with the sender the legitimacy of the request.”
He went on to say that hackers have become so proficient with phishing emails that they can fool even the savviest of tech users proving that people are the weakest link in the security chain and that education should be a top priority. Sadly enough, he said, this isn't the case.
Gannett owns more than 100 newspapers across the country.