Amedia, a leading Norwegian media company, was exposed to a serious data breach resulting in the disruption of its services.
In a news release, the company revealed that on the night of Tuesday, December 28, 2021, several of Amedia’s central computer systems were shut down. A significant data breach by third party threat actors impacted Amedia’s central computer systems. The extent of the damage is yet to be ascertained, and the company has taken measures to contain the attack.
“The production of online newspapers is going as normal, but no paper newspapers will be published on Wednesday, December 29, 2021. This is because systems for publishing paper newspapers, advertisements, and subscription management do not work as normal,” said Amedia.
The company, a victim of data breach, is still getting clarity on the attack. “We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage. We have already implemented comprehensive measures to limit the damage and to restore normal operations as quickly as possible,” shared Executive Vice President of Technology, Pål Nedregotten.
Nedregoten further added that they had got their resources together to address the problem and assess the damage’s extent.
Per the release, the attack is limited to the systems managed by Amedia’s central IT company, Amedia Teknologi. Amedia’s other systems are working normally.
Malware disrupts print production at @amedia_no, Norway’s largest publisher of local media titles. No mention of ransomware, but the company assumes customer data has been compromised. https://t.co/QNdJMahGRq
— Runa Sandvik (@runasand) December 28, 2021
As the breach directly impacted the central systems, the company had to shut it down to contain the spread of the breach. Consequently, the publishing house, which publishes one of the leading newspapers, had to stop its print production.
“The situation means that no paper newspapers will be published on Wednesday and until the situation is resolved,” Nedregotten said.
This has had direct, acute impact on the business. Advertisers and subscribers have been affected, and Amedia is facing a loss of brand credibility in the industry. The company has not been able to provide clarify the extent of the breach. It is still unclear if subscribers’ and employees’ credentials and personal information have been compromised.
“So far, there is no reliable information that this has happened, but it cannot be ruled out that it has happened anyway. The subscription system that has been attacked contains the name, address, telephone number and subscription form, and history of the subscribers. Other data such as ID password, read history, and information about bank cards, etc. are not affected,” opined Nedregotten.
The nature of the attack is serious, and the company is taking cognizance of the attack and aims to resolve the breach with minimum data exposure.
Data-Rich Media Sector
On June 3, 2021, American media company Cox Media Group (CMG) experienced a cyberattack in which the malicious threat actor encrypted the network servers and forced the systems to go offline.
Over 800 individuals were believed to have been impacted. Personal information exposed in the breach included names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials. The attack also resulted in disruption of its live TV streaming and radio broadcasts streams. As a security measure, the company took down the systems to mitigate the further spread of the threat.
Per Darktrace, the volume of sensitive data in use in the media and entertainment industry has exploded in recent years. The amount of data generated in an hour today was similar to the amount of data created in a year during the 2000s, and the figures for streaming and virtual events only continue to rise. It reveals that the average cost of a data breach in the entertainment sector is $4.1 million. There has been an 800 % increase in ransomware attacks from 2019 to 2021 and a 630 % increase in cloud-based cyber-attacks between January and April 2020.
The numbers are startling and are only growing, both in terms of industry growth and cyberattacks.