Online news website Guardian Australia has asked its staff to work from home until mid-January as it deals with the fallout of a cyberattack that hit its parent company, Guardian Media Group, just days before Christmas.
The publisher has asked the skeleton group of staff, who plan to continue working over the holiday period, to stay at home until January 9 as a precautionary measure, as the Guardian Media Group continues to grapple with the aftermath of what it says is a ransomware attack.
Guardian Media Group chief executive Anna Bateson and editor-in-chief Katherine Viner told staff on December 22 that publishing would continue despite the attack.
A Guardian Australia spokeswoman said the incident was serious and confirmed staff would work from home. “We believe this to be a ransomware attack but are continuing to consider all possibilities,” she said. “Our technology teams are working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic. We will continue to keep our staff and anyone else affected informed.”
The hack knocked out large chunks of The Guardian’s technology infrastructure, some of which is used by the Australian news team. But people familiar with the breach say hackers do not appear to have accessed customer data and the incident has had a minimal impact on the Australian market.
Guardian Australia can still publish articles online, but its offices in Sydney, Melbourne and Canberra are closed.
The publisher is the latest to join a growing number of businesses hit by cyber breaches caused by criminals and state actors. Optus and Medibank are still dealing with the impact of two major breaches that allowed hackers to steal the data of millions of customers. Other companies to be attacked recently include real estate group LJ Hooker and charity The Smith Family.
Nine Entertainment Co, publisher of The Sydney Morning Herald and The Age, was hit with a ransomware attack in March 2021.
The federal government has started to crack down on companies that experience cyberattacks frequently, passing a bill in November that increases the penalty for businesses that suffer repeated breaches, from 2.2 million to up to $50 million or 30 percent of adjusted turnover for the relevant period.