Personal information including addresses and salary information on 140 current and former Australian staff of multinational media outlet The Guardian may have been accessed by hackers in the crippling cyberattack that hit the company late last year.

Its local leaders had told employees in a mid-January internal email that “we don’t currently believe there is a risk to Australian staff” but cautioned that its technical teams were continuing to investigate the breach.

The Guardian initially believed Australian staff details had not been affected by the attack.Credit:

On Thursday The Guardian’s Australian managing director Dan Stinton and editor Lenore Taylor emailed local staff to say 140 people employed between February 2017 and May 2019 had their details affected. Tax file numbers, bank account details, superannuation information, salaries and addresses were among the staff details potentially compromised.

Stinton and Taylor told staff in an email seen by this masthead that key Guardian servers were corrupted in the hack, preventing access to information that showed what the hackers had accessed until they were rebuilt.

“Our Australia and London teams have been working urgently to enable us to understand whether and which documents and personal data might have been accessed,” Stinton and Taylor wrote.

It is common in cyberbreaches for companies not to be able to determine if hackers gained access to, actually opened, or stole particular pieces of data.

A spokeswoman for the publication said extensive investigations had uncovered that the personal data of the 140 staff had been affected and added that the Office of the Australian Information Commissioner, which reviews data breaches, had been notified of the issue.

“A credit monitoring service is in place for all Guardian Australia staff, even though we have seen no evidence that personal data has been exposed online,” the spokeswoman said. “We continue to monitor for this.”

One Guardian staff member, who spoke on condition of anonymity, said workers at the company were concerned even if they had not been told they were among those affected. “Initially they didn’t think anyone had personal data compromised,” the person said.

The Guardian first detected signs of the hack, which it told staff was likely executed by criminals seeking a ransom rather than specifically targeting a media organisation on December 20, and shut its offices the next day in response. They remain closed.

In the United Kingdom, the hackers accessed staff information including names, national insurance number, addresses, dates of birth, identity documents and salary information.

Telecommunications company Optus and health insurer Medibank were hit by major cyberattacks last year that compromised the data of millions of Australians and prompted the government to increase penalties for the serious breaches to a maximum of $50 million or 30 per cent of a firm’s global turnover.

Nine Entertainment, the owner of this masthead, was hit with a ransomware attack in March 2021.

The Media, Entertainment and Arts Alliance, which is a union representing many staff at The Guardian, declined to comment.

The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.

Most Viewed in Technology

From our partners

Source: Read Full Article