The Guardian has confirmed that it was the victim of a ransomware attack, and that the damage is more serious than first thought. In an update to staff, Guardian group chief Anna Bateson and newspaper editor-in-chief Katharine Viner said the December attack was "highly sophisticated" and accessed the personal data of UK employees. There was no evidence of the data being exposed online, or that the intruders had breached data for readers or non-UK editions.
Bateson and Viner understood that this was a "criminal" ransomware campaign, and that the perpetrators hadn't targeted The Guardian as a media outlet. The paper has alerted both police as well as the UK's Information Commissioner's Office. The leaders didn't identify the suspected culprits.
The fallout from the cyberattack has worsened. While The Guardian now expects some vital systems to return within two weeks, workers now won't return to the office until early February. That will give the IT team more time to restore infrastructure, the outlet said. Staff have largely been working from home since the attack was spotted on December 20th, but were originally told only to stay away from the office for the remainder of that week.
The company has continued to run its online and print publications in the weeks since. Even so, the confirmation still makes this one of the more serious online security incidents for the press in recent memory. Fast Company was knocked offline for eight days early last fall, while The New York Postfell prey to a rogue employee weeks later. The Guardian is still dealing with the consequences of the ransomware over three weeks later, and won't return to normality for a while yet.