Radio Free Asia (RFA), a US-funded non-profit news service, has disclosed a large hack to Maine’s attorney general. The incident was not previously reported and affected nearly 4,000 people.
In a data breach notification sent to the authorities in the US state of Maine, RFA said it had detected the cyberattack in June, about 11 days after it occurred.
The document also said that nearly 3,800 people were affected by the cyber hit. Hackers stole addresses, driver’s licenses, passports, social security numbers, health insurance information, medical data, and “limited financial information.” It’s not clear whether the victims were all RFA employees.
“On June 28, 2022, we became aware of the Incident within our email system which indicated unauthorized access to a limited number of servers,” the organization said in a letter to victims.
“Out of an abundance of caution and immediately following detection, RFA took systems offline and took measures to address and contain the Incident including launching an investigation, engaging data privacy and security professionals, working with law enforcement, changing passwords, and migrating to a new cloud-based email environment.”
RFA admitted that the unauthorized access resulted from an exploit of a service provider’s vulnerability, unknown to the service at the time.
However, the organization stressed there was no evidence that the leaked information had been misused. The RFA spokesperson Rohit Mahajan told the Washington Post on Tuesday that they were never contacted by the hackers.
Mahajan also said that the agency notified relevant law enforcement and government agencies, including the US Agency for Global Media and the Cybersecurity and Infrastructure Security Agency.
As an added precaution, the victims were offered a complimentary 24-month credit monitoring through Equifax, an American consumer credit reporting agency.
RFA states that its mission is “to provide accurate and timely news and information to Asian countries whose governments prohibit access to a free press.” It provides news on Myanmar, Cambodia, China, Laos, North Korea, and Vietnam.
The service is not the first Western news outlet attacked this year. At the end of October, New York Post was hacked with offensive headlines targeting politicians, and in February, a hit on News Corp affected a number of units, including The Wall Street Journal and its parent Dow Jones.
Cybernews reported in June that China actively targeted its phishing campaigns on White House correspondents and Washington DC-based journalists immediately before the attack on the US Capitol Building on 6 January 2021.
More from Cybernews:
Subscribe to our newsletter