What Happened
In December 2022, specifically on December 20, British news organization The Guardian (Guardian Media Group) suffered a ransomware attack, likely initiated via a sophisticated phishing email, which compromised the personal information of its UK staff—nearly all of its 1,600 global workforce—including names, addresses, dates of birth, National Insurance numbers, salaries, bank details, and passport numbers. The incident disrupted internal IT systems, print production, payroll, and expenses, forcing staff to work from home until at least early February 2023, though online publishing and daily newspapers continued unaffected; no reader data or information from US/Australia staff was impacted, and no evidence emerged of data being exposed online. The Guardian notified the Information Commissioner’s Office per GDPR requirements, engaged cyber forensics experts for recovery, and described the attack as opportunistic criminal activity rather than targeted hacktivism, with no specific ransomware group identified.


