
- Looks at the wider privacy implications of the ransomware attack at The Guardian in December 2022.
- Considers similar phishing attacks where personal data has been seized by criminals.
- Argues companies targeted by cybercriminals have a responsibility to safeguard staff and discourage complacency regarding these attacks.
Hackers struck the Guardian Media Group on 20 December 2022. The cyberattack caused serious disruption to the media outlet’s business operations and involved the theft of a large quantity of personal data.
Go phish
The cyberattack on The Guardian involved phishing. A ‘phishing’ attack can be initiated where, for example, a hacker sends an email or text message to an employee of an organisation. This may include an innocent-looking website link or invitation for the recipient to open an attachment. Once the link is clicked, or the attachment opened, however, malicious software, such as ransomware, is then installed on the user’s system. Where