Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach – Source: www.bleepingcomputer.com

Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals.

The Inquirer is Philadelphia’s largest newspaper by circulation and has won 20 Pulitzer Prizes since it was founded in 1829. It’s also the third-longest operating daily newspaper in the United States.

In May 2023, The Inquirer disclosed that its systems were breached in a cyberattack detected after its content management system went down unexpectedly. In response, the news organizations took some computer systems offline to contain the security breach and hired Kroll forensics experts to investigate the “anomalous activity.”

The attack disrupted the publication of the print newspaper, with home-delivery subscribers asked to catch up with the latest news using the newspaper’s website (inquirer.com), which remained unaffected.

“On May 13, 2023, we became aware of suspicious activity relating to certain internal information systems. In response, we began working with third-party cyber specialists to investigate the nature and scope of the activity,” The Inquirer said in data breach notifications [PDF] sent to impacted individuals.

“We determined that an unauthorized party gained access to our systems and certain files were viewed and/or copied from our systems between May 11, 2023, and May 13, 2023.”

The investigation determined that the information exposed during the breach included the impacted individuals’ names and other personal identifiers in combination with financial account numbers or credit/debit card numbers (in combination with security code, access code, password, or PIN for the accounts).

The newspaper advised affected people to monitor their accounts for identity theft and fraud attempts and offered 24 months of free Experian credit monitoring and identity restoration services.

While The Inquirer didn’t reveal the nature of the attack, the Cuba ransomware gang claimed responsibility one week after the incident.

The ransomware group claimed they stole financial documents, correspondence with bank employees, balance sheets, tax documents, compensation, and source code from Inquirer’s compromised servers.

Cuba also published the files on its dark web leak site, indicating that the newspaper refused to pay a ransom and that the extortion attempt reached a dead end.

However, one day after the files were leaked, The Inquirer reported that the documents did not “appear to come from the newspaper.” Soon after, the ransomware gang removed the Philadelphia Inquirer entry from its website.

As the FBI and CISA revealed in a joint security advisory, the Cuba ransomware gang collected over $60 million in ransoms until August 2022 after breaching more than 100 victims worldwide.

A previous FBI advisory from December 2021 also warned that Cuba operators had compromised at least 49 U.S. critical infrastructure organizations.