Cox Media Group took down broadcasts after a ransomware attack

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.

The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

The company notified via mail hundreds of individuals that were impacted by the security breach and that that have had their personal data exposed in the attack. 

CMG immediately launched an investigation with the support of law enforcement, it also hired leading cybersecurity experts to determine the extent of the attack. The company confirmed that it did not pay a ransom.

“On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor. CMG discovered the incident on the same day, when CMG observed that certain files were encrypted and inaccessible.” CMG quickly took its systems offline as a precautionary measure and took additional steps to prevent further unauthorized access.” reads the breach notification sent by the company to the impacted individuals.

Cox Media Group discovered the security breach the same day of the initial intrusion and immediately took down systems offline to avoid the propagation of the threat.

The company recently determined that the threat actor tried, without success, to remove copies of certain HR files on a server. According to the breach notification, personal information potentially exposed includes names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, stored for the purpose of human resource management.

“CMG is not aware of any cases of identity theft, fraud, or financial losses to individuals stemming from this incident.” continues the notification.

The company announced to have taken steps to improve the security of its infrastructure after the security breach, such as the adoption of multi-factor authentication protocols, performing an enterprise-wide password reset, and the deployment of endpoint detection solutions.

“The Company is continuing to monitor and improve its capabilities to detect any further threats and avoid any further unauthorized activity. These steps include multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end user devices, and rebuilding clean networks.” concludes the letter. “CMG takes the protection of personal information seriously and is committed to answering any questions that your office may have.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]