Post-ransomware attack, The Guardian warns staff their personal data was accessed

Graham Cluley
• @gcluley

Post-ransomware attack, The Guardian warns staff their personal data was accessed

Just a few days before Christmas, I broke news that The Guardian newspaper had suffered what turned out to be a ransomware attack, forcing staff to work from home.

Three weeks have now passed, and although the respected UK newspaper has continued to be published and its website remained online throughout, there isn’t just good news to report.

Yesterday, staff at the 200-year-old news organisation were sent an email that warned them that the ongoing investigation into the attack had uncovered that hackers had gained access to files containing staff’s personal information.

Part of an email sent to staff of The Guardian
Part of an email sent to UK staff of The Guardian

According to the email, data accessed includes:

  • names
  • addresses
  • dates of birth
  • National Insurance numbers
  • bank account details
  • salary information
  • and identity documents such as passports.

Yeuch.

EmailSign up to our newsletter
Security news, advice, and tips.

The Guardian informed its staff that it had “had seen no evidence that personal data has been exposed online, and so the risk is low. We are continuing to monitor for this.”

We realise this news may be very worrying for everyone, and we want to say how sorry we are for any anxiety this may now cause. But now that we have confirmed there is a risk, we will do everything we can to support staff…

The Guardian contacted the Information Commissioner’s Office (ICO) earlier this month to report the incident. Organisations are required to notify the ICO of any data breaches within 72 hours of becoming aware of it.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.