Dow Jones & Company Latest Financial Information Firm Hit With Data Breach

The financial firm Dow Jones & Company announced late last week that it’s the latest in an exhaustive list of companies this year to report a data breach.

The financial information firm Dow Jones & Company announced late last week that it’s the latest in an exhaustive list of companies this year to report a data breach.

The News Corp.-owned company informed customers Friday that hackers managed to infiltrate their system in an apparent attempt to gather contact information on current and former subscribers.

The letter Dow Jones sent to customers (.PDF) – as most data breach letters tend to be however – is a little vague when it comes to details.

While the company’s Chief Executive Officer William Lewis insists there’s no direct evidence any information was stolen, he also claims that payment card and contact information for fewer than 3,500 customers may have been accessed.

What isn’t revealed by Lewis, but instead, a F.A.Q. appended to the letter, is that the attackers may have had access to the company’s systems as far back as August 2012, until July of this year.

At first glance the breach shares a few similarities with a compromise that another financial information services company, Scottrade, disclosed two weeks ago.

Like Scottrade, the officials at Dow Jones believe the point of the breach was to siphon up reams of customer contact information to facilitate fraudulent solicitations later down the line. Also similar to Scottrade, Dow Jones claims it wasn’t until federal law enforcement notified the company in July about “potential unauthorized access” that it began investigating the breach.

“We understand that this incident was likely part of a broader campaign involving a number of other victim companies and is part of an ongoing investigation,” Lewis said, hinting at a possible connection between the attackers, Dow Jones, and several other companies.

The $5 billion company is warning customers to be on the lookout for phishing attacks, or any other suspicious solicitations for personal information that are usually synonymous with data breaches like this, especially those that target contact information.

The firm claims it will offer free identity protection services to affected users, but plans to outline what exactly those services entail in personal letters to victims.

Suggested articles

Discussion

  • James Dawn on

    I was formerly a Scottrade customer and part time intern at the St. Louis campus - and I can not say I am surprised that this happened. Scottrade's customer support has always been horrendous with managers placing emphasis on an unwritten policy to not deal with any dispute if it requires significant resources. Managers have cut the Scottrade support staff to a minimum and instructed employees that if a customer is not satisfied - "force them to use arbitration". The corporate culture is all about profit - not a minute is dedicated towards customer satisfaction. In terms of cybersecurity, Scottrade is at best below par, at worst, utterly incompetent. I have now moved to the Cybersecurity business and have analyzed complaints against Scottrade as well as their statements in an effort to research the industry. To say the least, I found some very disturbing things. Like others has mentioned, it took Scottrade more than two years to discover the breach, they refuse to give details, and do not provide retroactive identity theft coverage - but there is much more. 1.) If you Google "scottrade muckrock" you will see that a number of complaints submitted to the SEC and forwarded to Scottrade have directly reported the failed cybersecurity infrastructure and corporate ignorance. If you file FOIA requests with the SEC you can obtain more information. 2.) An associate of mine was a victim of an "account takeover" in 2013. His Scottrade account was hacked and over 800,000 dollars was stolen. Scottrade refused to acknowledge the fraud and claimed on numerous occasions that their cyber systems are "flawless". 3.) Also reading complaints about Scottrade and researching their computer networks, there are STILL security vulnerabilities in Scottrade's systems that allow fraudulent ACH transfers, fake account, and market manipulation. To everybody that has decided to leave Scottrade - Good for you. To everybody that is deciding whether to go elsewhere - There are numerous other options available, choose somebody that offers two factor authentication, that is generally an indicator that they at least have a half-way competent cybersecurity department. To everybody that is still doing business with Scottrade - If things go south, expect Scottrade to blackball you in an effort to protect their profits and avoid liability.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.