Categories: Breaking NewsCyber CrimeData BreachHacking

The Dow Jones firm confirmed data breach of 3,500 Users

The Dow Jones firm confirmed to have suffered a data breach, payment card and contact info for less than 3,500 users have been exposed.

At the end of the last week, the CEO of Dow Jones & Co disclosed a data breach affecting 3,500 people in a letter to customers.

Dow Jones is a media company owned by Rupert Murdoch’s News Corp which owns the Wall Street Journal.

The incident appears similar to one recently affected the Online stock brokerage Scottrade last week which impacted 4.6 million investors.

Part of a news headline announcing that News Corp. has offered to buy Dow Jones for $60 a share is displayed on an electronic “zipper” under the Dow Jones logo in Times Square in New York on Tuesday, May 1, 2007. (AP Photo/Peter Morgan)

In his letter to the customers, Dow Jones Chief Executive William Lewis explained that in late July his company has been notified by the law enforcement about the potential data breach.

The Dow Jones & Co. immediately started its investigation, it discovered that threat actors accessed the customer database, but it is not clear if the intruders have exfiltrated the data.

The company confirmed it discovered unauthorized access to its customer payment system system.

The investigators believe that the attackers were searching for contact information of current and former Dow Jones subscribers, whom records include name, addresses, email addresses, and phone numbers.

The intrusion occurred between August 2012 and July 2015.

“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen. We are sending those individuals a letter in the mail with more information about the support we are offering. If you do not receive such a letter, we have no indication that your financial information was involved,” the letter states.

Is it an isolated incident?

According to the investigators, the data breach appears to be part of a larger campaign targeting “a number of other victim companies.”

“We understand that this incident was likely part of a broader campaign involving a number of other victim companies and is part of an ongoing investigation.” the letter continues.

The security experts fear that threat actors are managing a long term campaign against companies like the Dow Jones & Co and Scottrade, if this assumption holds true, then it is likely that other data breach will be disclosed by investigators in the coming months.

Pierluigi Paganini

(Security Affairs – Dow Jones, Data Breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.