New Zealand media company: Hackers directly targeting individuals after alleged data breach

Avatar

MediaWorks, a company based in New Zealand, says it is investigating an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments. 

The company, which has not yet publicly confirmed that a data breach has taken place, said in a statement on its website that the “claims relate to data from website competition entries.” These have now been moved “to a new secure database.” It’s unclear what the competition was.

According to the hacker — who announced they were attempting to sell the data on a cybercrime forum — the stolen material includes personally identifying information such as names, addresses, dates of birth and phone and email contact details.

MediaWorks has confirmed the database held “name, date of birth, gender, address, post code and mobile number” information, as well as in some cases images or videos uploaded as part of people’s entries to the competition.

Financial details, such as card numbers, and passwords are not believed to be affected.

“We take our data security seriously, and the technology team is investigating the potential incident with the support of external experts. We apologise and will provide more information as it becomes available,” the company added.

The office of New Zealand’s privacy commissioner said on Saturday it had not been notified of a breach, which is only legally required once an incident has been verified.

According to Radio New Zealand, individuals affected by the breach are being targeted for direct extortion by the perpetrator, who — as one recipient said — sent an email demanding $500 in bitcoin to delete the individual’s data before it was sold.

“We attempted to negotiate with MediaWorks by offering a very low price to have them secure the data, but unfortunately, they displayed a disappointing lack of concern and refused. Their dismissive attitude, treating the data as valueless, has led us to consider releasing it publicly” the hackers alleged in their email.

But the recipient noted the message was sent to far fewer than the number of data subjects whom the criminals claimed were affected.

“It’s only a hundred people, not 2.4 million, so I have no idea whether they have exaggerated the hack,” he told Radio New Zealand.

A spokesperson for MediaWorks told the broadcaster: “We are also aware that some individuals may have had direct approaches from the threat actor. Anyone with concerns can get in touch with our privacy office at [email protected].”

IndustryCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Pennsylvania’s Scranton School District dealing with ransomware attack

Next Post

US is still chasing down pieces of Chinese hacking operation, NSA official says

Related Posts

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the
Avatar
Read More