The financial information firm Dow Jones & Company announced late last week that it’s the latest in an exhaustive list of companies this year to report a data breach.
The News Corp.-owned company informed customers Friday that hackers managed to infiltrate their system in an apparent attempt to gather contact information on current and former subscribers.
The letter Dow Jones sent to customers (.PDF) – as most data breach letters tend to be however – is a little vague when it comes to details.
While the company’s Chief Executive Officer William Lewis insists there’s no direct evidence any information was stolen, he also claims that payment card and contact information for fewer than 3,500 customers may have been accessed.
What isn’t revealed by Lewis, but instead, a F.A.Q. appended to the letter, is that the attackers may have had access to the company’s systems as far back as August 2012, until July of this year.
At first glance the breach shares a few similarities with a compromise that another financial information services company, Scottrade, disclosed two weeks ago.
Like Scottrade, the officials at Dow Jones believe the point of the breach was to siphon up reams of customer contact information to facilitate fraudulent solicitations later down the line. Also similar to Scottrade, Dow Jones claims it wasn’t until federal law enforcement notified the company in July about “potential unauthorized access” that it began investigating the breach.
“We understand that this incident was likely part of a broader campaign involving a number of other victim companies and is part of an ongoing investigation,” Lewis said, hinting at a possible connection between the attackers, Dow Jones, and several other companies.
The $5 billion company is warning customers to be on the lookout for phishing attacks, or any other suspicious solicitations for personal information that are usually synonymous with data breaches like this, especially those that target contact information.
The firm claims it will offer free identity protection services to affected users, but plans to outline what exactly those services entail in personal letters to victims.