Update: The Guardian has admitted that the personal data of staff – including bank details, salaries, and passport numbers – have been compromised in a ransomware attack.
The title believes that subscriber and reader information has not been accessed.
Staff are continuing to be told to work from home as Guardian Media Group attempts to rebuild its systems from the ground up.
Original story, 3 January 2023: The Guardian is continuing to be severely impacted by a suspected ransomware attack which hit the publisher’s global IT systems on 20 December.
Guardian Media Group chief executive Anna Bateson sent a note on Monday, 2 January, saying that all staff must continue to work from home. Staff have been told to work remotely since the incident began.
Bateson said: “This is a further update on the serious disruption to our network and IT systems that began before Christmas. As a result of the steps we took to secure our network, a number of key systems have been taken offline and remain unavailable.
“To reduce strain on our networks and help the enterprise tech, ESD and other involved teams focus on the most essential fixes, everyone must work from home until at least Monday 23rd January in the UK, US and Australia, unless you are specifically asked to work from our offices.”
Ransomware attacks typically involve hackers gaining access to a company’s computer system and then installing software that encrypts every document and file which can be found. The hackers then demand payment, often in Bitcoin, in order to restore systems by providing the target with the encryption key.
At the time the incident was first reported, Bateson and editor-in-chief Katharine Viner told staff: “As everyone knows, there has been a serious incident which has affected our IT network and systems in the last 24 hours. We believe this to be a ransomware attack but are continuing to consider all possibilities.
“We are continuing to publish globally to our website and apps and although some of our internal systems are affected, we are confident we will be able to publish in print tomorrow. Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic.
“We will continue to keep our staff and anyone else affected informed. We will update everyone again at the end of the day. With a few key exceptions we would like everyone to work from home for the remainder of the week unless we notify you otherwise.
“Thank you to everyone working hard throughout this incident to keep us publishing, looking after our readers, supporters and advertisers, and to keep our core systems available for colleagues.”
The attack is believed to have taken out internal wifi systems but has not impacted print or digital publication.
He said: “Our preliminary analysis indicates that foreign government involvement may be associated with this activity, and that some data was taken.
“Mandiant [a cyber security firm hired to investigate] assesses that those behind this activity have a China nexus and believes they are likely involved in espionage activities to collect intelligence to benefit China’s interests.
“We will not tolerate attacks on our journalism, nor will we be deterred from our reporting, which provides readers everywhere with the news that matters,” he added.
News Corp said the attack had affected the business email accounts and documents of a “limited number of employees” inside its headquarters and across news technology services, Dow Jones, News UK and the New York Post.
Email firstname.lastname@example.org to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog