The passports, bank details and National Insurance numbers of some current and former Metropolis employees have been compromised in a cyberattack.
Robert Marr, the chief executive of parent company Metropolis Group, emailed staff this week to inform them attackers had “managed to penetrate some of our systems” the week before.
Metropolis employs 500 staff across a group of B2B and specialist media brands including Nursing Times, Property Week and Viz.
The hackers, Marr wrote, accessed and extracted data from two servers “which had a number of shared folders on them”, some of them containing personal information.
“This data includes copies of some payslips (which includes addresses, email addresses and NI numbers), some bank account details (number and sort code), copies of some passports, some driving licences, some HR correspondence and documents, expression of wishes forms, CVs,” Marr said.
He added that Emap believes it has “now identified and isolated the threat” and work continues to ensure the company’s servers and other computers are free of malware. A “leading global cyber incident response provider” has been brought in to assist, Marr said.
But the hack creates a risk that the personal data may become public “and that third parties may attempt to use personal data for identity fraud or credit and bank fraud purposes, or to access accounts or reset passwords”.
Metropolis told Press Gazette: “We take data security extremely seriously. Last week we were alerted to a potential data incident. We immediately engaged our IT security advisors and our managed cybersecurity software partner, and worked with a leading global cyber incident response provider to ensure our data was protected. We informed the Information Commissioner’s Office and the National Crime Agency.
“This was a sophisticated cyber attack. The cyber attackers failed to encrypt our systems, which was probably their aim. We have since identified that they penetrated a part of our system which may include some personal data and on a precautionary basis have contacted those who may have been potentially affected. Our operations continue as normal.”
Cyberattackers may attempt to encrypt data on a computer system in order to ransom the sealed files back to the victim.
How often are news publishers targeted in cyberattacks?
News publishers are regularly targeted by cyberattackers in part because they are particularly vulnerable. News outlets often have substantial digital supply chains, creating more opportunities for hackers.
The public-facing position of publishers and the potentially sensitive information they host in their systems can also make them targets for state-sponsored hackers.
In the 2024 “State of Ransomware” report from cybersecurity service Sophos, 62% of IT leaders at “media, leisure and entertainment” businesses reported their company had been the target of a ransomware attack in the last year. The median ransom demanded was $1.2m and the median amount paid was $946,000. Of those successfully targeted, 69% paid the ransom.
In August French news agency AFP announced it had come under cyberattack from an unknown source, impacting its IT systems and “affecting part of its delivery service to clients”. Regional publisher Newsquest was unable to publish stories at some of its sites following a cyberattack in December, and The Guardian was subject to a major ransomware attack at the end of 2022 which, like the Emap attack, compromised staff bank details and passport numbers.
Earlier this year cybersecurity experts told Press Gazette the best things publishers could do to minimise their cyberattack risk were:
- Keeping all software up to date
- Using multi-factor authentication, with pass phrases or complex passwords, on all accounts
- Regular staff training, ideally with spoof phishing attempts
- Advising staff to be cautious about sharing personal information online which could be used for impersonation or “social engineering”.