The Dow Jones firm confirmed data breach of 3,500 Users

The Dow Jones firm confirmed to have suffered a data breach, payment card and contact info for less than 3,500 users have been exposed.

At the end of the last week, the CEO of Dow Jones & Co disclosed a data breach affecting 3,500 people in a letter to customers.

Dow Jones is a media company owned by Rupert Murdoch’s News Corp which owns the Wall Street Journal.

The incident appears similar to one recently affected the Online stock brokerage Scottrade last week which impacted 4.6 million investors.

In his letter to the customers, Dow Jones Chief Executive William Lewis explained that in late July his company has been notified by the law enforcement about the potential data breach.

The Dow Jones & Co. immediately started its investigation, it discovered that threat actors accessed the customer database, but it is not clear if the intruders have exfiltrated the data.

The company confirmed it discovered unauthorized access to its customer payment system system.

The investigators believe that the attackers were searching for contact information of current and former Dow Jones subscribers, whom records include name, addresses, email addresses, and phone numbers.

The intrusion occurred between August 2012 and July 2015.

“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen. We are sending those individuals a letter in the mail with more information about the support we are offering. If you do not receive such a letter, we have no indication that your financial information was involved,” the letter states.

Is it an isolated incident?

According to the investigators, the data breach appears to be part of a larger campaign targeting “a number of other victim companies.”

“We understand that this incident was likely part of a broader campaign involving a number of other victim companies and is part of an ongoing investigation.” the letter continues.

The security experts fear that threat actors are managing a long term campaign against companies like the Dow Jones & Co and Scottrade, if this assumption holds true, then it is likely that other data breach will be disclosed by investigators in the coming months.

Pierluigi Paganini

(Security Affairs – Dow Jones, Data Breach)