US newspaper and media giant Gannett Co has been targeted by a phishing attack that may have compromised the accounts of as many as 18,000 current and former employees.
The group has already stressed that there is currently no indication that any sensitive personal data has been accessed as part of the phishing attack, although it will be offering credit monitoring to those affected.
According to USA Today, which is owned by Gannett Co, the breach was discovered on March 30th when the perpetrator(s) attempted to use one of the compromised accounts for a fraudulent corporate wire transfer request.
This was then identified as suspicious by the company’s finance team.
Officials claim the data breach stemmed from a malicious email sent to the company’s human resources department.
Gannett Co, which also owns another 109 media titles across the United States, is only the latest high-profile victim of a phishing scam, with the incident occurring in the same week as a similar attack on Gmail users.
According to a 2016 report from the Internet Society, organizations need to be better at preventing data breaches from happening.
“Up-to-date security systems, usable security, and awareness on how to deal with threats and social engineering are needed for reducing the opportunities for data breaches and device compromise,” Olaf Kolkman, chief internet technology officer at the Internet Society, said in November.
“The report shows that as much as 93% of all breaches could have been avoided if the correct measures were put in place.”