The passports, bank details and National Insurance numbers of some current and former Metropolis employees have been compromised in a cyberattack.
Robert Marr, the chief executive of parent company Metropolis Group, emailed staff this week to inform them attackers had “managed to penetrate some of our systems” the week before.
Metropolis employs 500 staff across a group of B2B and specialist media brands including Nursing Times, Property Week and Viz.
The hackers, Marr wrote, accessed and extracted data from two servers “which had a number of shared folders on them”, some of them containing personal information.
“This data includes copies of some payslips (which includes addresses, email addresses and NI numbers), some bank account details (number and sort code), copies of some passports, some driving licences, some HR correspondence and documents, expression of wishes forms, CVs,” Marr said.
He added that Emap believes it has “now identified and isolated the threat” and work continues to ensure the company’s servers and other computers are free of malware. A “leading global cyber incident response provider” has been brought in to assist, Marr said.
But the hack creates a risk that the personal data may become public “and that third parties may attempt to use personal data for identity fraud or credit and bank fraud purposes, or to access accounts or reset passwords”.
Metropolis told Press Gazette: “We take data security extremely seriously. Last week we were alerted to a potential data incident. We immediately engaged our IT security advisors and our managed cybersecurity software partner, and worked with a leading global cyber incident response provider to ensure our data was protected. We informed the Information Commissioner’s Office and the National Crime Agency.
“This was a sophisticated cyber attack. The cyber attackers failed to encrypt our systems, which was probably their aim. We have since identified that they penetrated a part of our system which may include some personal data and on a precautionary basis have contacted those who may have been potentially affected. Our operations continue as normal.”
Cyberattackers may attempt to encrypt data on a computer system in order to ransom the sealed files back to the victim.
[Read more: How publishers should respond to a deluge of news industry cyberattacks]
How often are news publishers targeted in cyberattacks?
News publishers are regularly targeted by cyberattackers in part because they are particularly vulnerable. News outlets often have substantial digital supply chains, creating more opportunities for hackers.
The public-facing position of publishers and the potentially sensitive information they host in their systems can also make them targets for state-sponsored hackers.
In the 2024 “State of Ransomware” report from cybersecurity service Sophos, 62% of IT leaders at “media, leisure and entertainment” businesses reported their company had been the target of a ransomware attack in the last year. The median ransom demanded was $1.2m and the median amount paid was $946,000. Of those successfully targeted, 69% paid the ransom.
In August French news agency AFP announced it had come under cyberattack from an unknown source, impacting its IT systems and “affecting part of its delivery service to clients”. Regional publisher Newsquest was unable to publish stories at some of its sites following a cyberattack in December, and The Guardian was subject to a major ransomware attack at the end of 2022 which, like the Emap attack, compromised staff bank details and passport numbers.
Earlier this year cybersecurity experts told Press Gazette the best things publishers could do to minimise their cyberattack risk were:
- Keeping all software up to date
- Using multi-factor authentication, with pass phrases or complex passwords, on all accounts
- Regular staff training, ideally with spoof phishing attempts
- Advising staff caution on the sharing of personal information online which could be used for impersonation or “social engineering”.
Email [email protected] to point out mistakes, provide story tips or send in a letter for publication on our “Letters Page” blog