Cox Media Group Confirms Ransomware Attack That Took Down Broadcasts
American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.
The company acknowledged the attack in data breach notification letters sent today via U.S. Mail to over 800 impacted individuals believed to have had their personal information exposed in the attack. The group first informed potentially affected individuals of the incident via email on July 30.
“On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor,” the broadcasting company said.
“CMG discovered the incident on the same day, when CMG observed that certain files were encrypted and inaccessible.”
Personal info exposed, but not stolen
Cox Media Group immediately took down systems offline after the attack was detected and reported the incident to the FBI after starting an investigation with the help of external cybersecurity experts.
The media company found proof that the attackers harvested personal info stored on the breached systems. While they also tried to exfiltrate this data outside of CMG’s network, there is no evidence that they were successful in their attempt.
CMG found no evidence of identity theft, fraud, or financial losses impacting potentially affected individuals stemming from this incident since the June ransomware attack.
Personal information exposed during the attack includes names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, stored for human resource management purposes.
Ransom demand ignored
“CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident. There has been no observed malicious activity in CMG’s environment since June 3, 2021,” CMG added.
The company has also taken several steps to improve its systems’ security since the incident to detect and block avoid further breach attempts.
“These steps include multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end user devices, and rebuilding clean networks,” CMG explained.
CMG is a broadcasting, publishing, and digital media services company created by merging Cox Newspapers, Cox Radio, and Cox Television in 2008.
Its operations include 33 television stations (including primary affiliates of ABC, CBS, FOX, NBC, and MyNetworkTV), 65 radio stations, as well as more than 100 news outlets.
Cox Media Group has not yet returned a request for comment made by BleepingComputer in June, right after the attack.