The Philadelphia Inquirer and outside cybersecurity experts have yet to determine the full extent of a cyberattack on the news organization last week, but the disruption won't affect coverage of the hotly contested mayoral primary election Tuesday.
Lisa Hughes, The Inquirer's publisher and chief executive, declined to say how seriously the cyberattack affected The Inquirer's systems while the investigation continues. The attack prevented the publication of the regular Sunday print edition; subscribers received the early edition composed on Friday evening.
The attack is The Inquirer's most significant publication disruption since a blizzard in 1996. With Inquirer offices closed as a precaution, staffers worked from home Monday as they did through the pandemic. But this time, they had to use workarounds to access publishing software and business systems. The Inquirer published a print edition Monday, but without classified ads, including death notices, which are expected to return to the newspaper Wednesday.
News staffers covering Tuesday's election will work together at a temporary newsroom in Center City. The cyberattack affected internet servers and the effort to restore them requires systems to intermittently be turned off, Hughes said. The newsroom is expected to reopen Wednesday.
The cyberattack gained international attention, with CNN, Fortune, the New York Times, Associated Press, and the Guardian reporting on the news.
Who committed the attack, how they accessed The Inquirer's systems, what was targeted, and whether this was a result of ransomware remains unclear. News organizations, including the Los Angeles Times and the Guardian have been victims of ransomware, software that freezes systems until the organization pays the perpetrators, in recent years.
Hughes declined to say Monday whether The Inquirer received a ransom demand or whether the individual or group responsible for the attack contacted the news organization.
The Inquirer notified the FBI of the attack, Hughes said. The federal law enforcement agency has said it typically does conduct an investigation when notified of a cyberattacks but declined to comment further Monday.
An outside cybersecurity forensic specialist, Kroll, is also investigating the cyberattack.
The NewsGuild of Greater Philadelphia, which represents about 270 Inquirer staffers, expressed concern about the security of Inquirer workers' personal information, said Diane Mastrull, the guild's president.
Hughes said that this issue is being investigated. "Should we discover that any personal data was affected, we will notify and support affected individuals," she said in an emailed statement.
"I totally get how complicated this is, and how complex this is, and how finding answers to what happened is probably very, very difficult," Mastrull said. "That does not relieve the anxiety that employees have over whether or not personal information was compromised."
Mastrull, who is also The Inquirer's weekend editor, was on duty when staff first realized Saturday the paper's content management system wasn't working. She edited the news organization's first two stories about the cyberattack.
The disruption, which was first identified Thursday by Cynet, a vendor that handles The Inquirer's network security, came in the midst of a weekend stacked with major news events.
"We had an enormous amount of news this weekend with Taylor Swift being in town for three nights, the Sixers in a pivotal Game 7, and mayoral candidates on their last push," Mastrull said.
Attacks like the one that targeted The Inquirer could stem from a wide range of motives, including an effort to obtain reporters' notes or files, leak sensitive information, plant misinformation, or simply to cause chaos.
The Inquirer has monitoring software on company-owned equipment, and performs regular audits, Hughes has said. She did not say Monday, though, whether those precautions monitored the route the attackers used to access The Inquirer's systems.
Hughes did warn staff to be wary of any unfamiliar file extensions, which can open the door to hackers.
2023 The Philadelphia Inquirer, LLC.
Distributed by Tribune Content Agency, LLC.