Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Dow Jones the latest big-name breach

3,500 of the one per cent get a nasty in the mail after three-year breach

A bunch of high-net-worth individuals and stock traders are opening letters with the unwelcome message “we were breached” under the Dow Jones letterhead.

The Murdoch-owned company says it has notified 3,500 individuals that their personal data might have been accessed in a breach that dates back to August 2012. That's almost as many individuals as Ashley Madison had real women in its 35-million-record data breach.

With three years' worth of possible access to the company's systems, the attackers were either seeking quality over quantity, or rate as the least successful info-sec attackers in a long time.

In a letter published by stablemate The Wall Street Journal here, the company says: “It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.”

The subsidiary of Rupert Murdoch's News hopes it's not the only victim says the incident was “likely part of a broader campaign involving other victim companies.”

“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen,” the letter says. Those individuals are being contacted directly by Dow.

The FAQ attached to the letter says users don't need to change their passwords because they were “encrypted” (El Reg sincerely hopes the company actually means “hashed” but doesn't want to confuse the non-tech).

The outfit says it's working with law enforcement after the three-year breach. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like