Guardian confirms it was hit by ransomware attack

Media firm says personal data of UK staff members was accessed in ‘highly sophisticated’ cyber-attack last month

The Guardian has confirmed it was hit by a ransomware attack in December and that the personal data of UK staff members has been accessed in the incident.

The Guardian Media Group’s chief executive, Anna Bateson, and the Guardian’s editor-in-chief, Katharine Viner, confirmed the news in an update emailed to staff on Wednesday afternoon.

They described the incident as a “highly sophisticated cyber-attack involving unauthorised third-party access to parts of our network”, most likely triggered by a “phishing” attempt in which the victim is tricked, often via email, into downloading malware.

The Guardian said it had no reason to believe the personal data of readers and subscribers had been accessed. It is not believed that the personal data of Guardian US and Guardian Australia staff has been accessed either.

The Information Commissioner’s Office, the UK’s data watchdog, has been informed of the attack, as well as the UK police.

However, the message to staff said there had been no evidence of data being exposed online, so the risk of fraud is considered to be low.

The attack was detected on 20 December and affected parts of the company’s technology infrastructure. Staff, most of whom have been working from home since the attack, have been able to maintain production of a daily newspaper, while online publishing has been unaffected.

“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” said Bateson and Viner.

“These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries.”

They added: “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely.”

The Guardian has been using external experts to gauge the extent of the attack and to recover its systems.

Although the Guardian expects some critical systems to be back up and running “within the next two weeks”, a return to office working has been postponed until early February in order to allow IT staff to focus on network and system restoration.

According to a government report last year, two in five UK businesses reported cyber security breaches or attacks in the previous 12 months.


Dan Milmo Global technology editor

The GuardianTramp

Related Content

Article image
Guardian hit by serious IT incident believed to be ransomware attack
Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

Jim Waterson Media editor

21, Dec, 2022 @1:24 PM

Article image
Cybersecurity stocks boom after ransomware attack
Companies see share prices rise sharply amid expected increase in spending on IT security after WannaCry hack

Nick Fletcher and Haroon Siddique

16, May, 2017 @3:35 PM

Article image
Pro-Assad Syrian hackers launching cyber-attacks on western media
Syrian Electronic Army claims responsibility for attack on Guardian and other organisations

Nick Hopkins and Luke Harding

29, Apr, 2013 @6:18 PM

Article image
Ransomware attack hero condemns 'super-invasive' tabloids
Marcus Hutchins says he will have to move house after newspaper identified him and published his full address

Nadia Khomami

22, May, 2017 @8:44 AM

Article image
Russia and neighbours are source of most ransomware, says UK cyber chief
Lindy Cameron, head of National Cyber Security Centre, says extortion is most serious online threat to UK

Dan Sabbagh Defence and security editor

11, Oct, 2021 @4:28 PM

Article image
North Korea top suspect for WannaCry attack, says ex US security chief
Methods used in ransomware attack on NHS and in up to 100 countries similar to those used by Pyongyang in the past, says Michael Chertoff

Henry McDonald

28, May, 2017 @6:44 PM

Article image
Ransomware attack leaves council facing huge bill to restore services
IT servers have been disabled for past three weeks, affecting website and phone lines

Helen Pidd and Gregory Robinson

27, Feb, 2020 @4:28 PM

Article image
The ransomware attack is all about insufficient funding of the NHS | Charles Arthur
Amber Rudd, the home secretary, can burble all she wants but the Tories have overseen chaos in NHS computing systems

Charles Arthur

13, May, 2017 @12:21 PM

Article image
Ransomware hackers steal plans for upcoming Apple products
Group behind REvil ransomware claims stolen files include plans for two laptops and a new Apple Watch

Alex Hern

22, Apr, 2021 @1:37 PM

Hackers target Guardian jobs site

Half million people may have details compromised despite technicians interrupting 'sophisticated' attack on recruitment site

Jack Schofield

25, Oct, 2009 @5:23 PM