News Corp breach went undiscovered for two years

In February 2020, News Corp suffered a state-sponsored breach that went undetected until January 2022. The attackers accessed business documents and emails linked to a small group of employees, potentially compromising sensitive information such as Social Security numbers, names, and health insurance numbers. News Corp believes the attack was part of an intelligence-gathering mission by a threat group supported by the Chinese government. The nearly two-year dwell time was longer than average, and it is unclear why News Corp took over a year to reveal the breach's extent. "Two years to detect a breach is way above average," confirmed Julia O'Toole, CEO of MyCena Security Solutions. With attackers regularly gaining easy access to corporate networks through compromised credentials, we may continue to see these attacks. O’Toole adds: "Despite all the investment in threat detection tools, over 82% of breaches still involve compromised employee access credentials."