About 25,500 Philadelphia Inquirer subscribers, employees, former employees, and employees’ family members on company benefit plans may have had their personal information exposed in a May cyberattack, Inquirer publisher and chief executive officer Lisa Hughes said Friday.
The company announced in an internal email to employees that outside cybersecurity experts had found no evidence that the data had been misused to commit identity theft or fraud. In an e-mailed response to follow-up questions, Hughes said that Social Security numbers, driver’s license numbers, financial account information, and medical information may have been accessed.
“For organizations that think they will not be targeted by cybercriminals, this is a lesson in the importance of security, regardless of what type of organization they are running. Cybersecurity can be expensive and time consuming, so smaller organizations need to ensure that they are spending their budgets on low cost but effective controls. Because a significant number of attacks focus on the human element, it's important that organizations educate and train employees on methods to spot and quickly report social engineering attacks and phishing. It's critical for organizations to have an incident response plan in place that includes a dedicated portion to include dealing with ransomware and other digital extortion schemes. In addition, notifying potential victims that their data has been stolen is a significant part of reputational damage control.”
— Erich Kron, security awareness advocate at KnowBe4 —
Comments
No comments on this item Please log in to comment by clicking here