A bunch of high-net-worth individuals and stock traders are opening letters with the unwelcome message “we were breached” under the Dow Jones letterhead.
The Murdoch-owned company says it has notified 3,500 individuals that their personal data might have been accessed in a breach that dates back to August 2012. That's almost as many individuals as Ashley Madison had real women in its 35-million-record data breach.
With three years' worth of possible access to the company's systems, the attackers were either seeking quality over quantity, or rate as the least successful info-sec attackers in a long time.
In a letter published by stablemate The Wall Street Journal here, the company says: “It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.”
The subsidiary of Rupert Murdoch's News
hopes it's not the only victim says the incident was “likely part of a broader campaign involving other victim companies.”
“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen,” the letter says. Those individuals are being contacted directly by Dow.
The FAQ attached to the letter says users don't need to change their passwords because they were “encrypted” (El Reg sincerely hopes the company actually means “hashed” but doesn't want to confuse the non-tech).
The outfit says it's working with law enforcement after the three-year breach. ®