Hackers breach Philadelphia Inquirer ahead of Tuesday’s mayoral primary

It’s the paper’s biggest shutdown since 1996.

Tim Shaffer / reuters

This weekend, The Philadelphia Inquirer was hacked ahead of Tuesday’s Democratic mayoral primary. As a result, the newspaper had to cancel its Sunday edition, and it wasn’t clear until late Sunday afternoon that it could proceed with its Monday circulation. It’s the paper’s biggest disruption since 1996, when a blizzard that blanketed much of the eastern US made it impossible for staff to reach their offices. It isn’t yet known who is responsible for the cyberattack or if it was politically motivated. However, The Inquirer says it hired security company Kroll to investigate, in addition to notifying the FBI, which said, “It’s customary that we offer our assistance in these matters.”

Contracted security vendor Cynet first alerted The Inquirer about suspicious activity on Thursday, May 11th. Although that didn’t lead to any stoppages, the paper’s weekend crew noticed Saturday morning that it couldn’t access the publication’s content management system. Publisher Lisa Hughes hasn’t stated which systems the attackers breached, whether any employees were targeted or whether they accessed any confidential information. The newspaper says many of its internal systems don’t require multi-factor authentication.

Staff won’t be allowed into their offices through at least Tuesday as the investigation continues. Hughes said the company is looking into alternative workspaces for election coverage, which she stated would otherwise proceed as usual.

Philadelphia’s last Republican mayor was in 1947, meaning Tuesday’s Democratic primary will essentially decide the city’s next mayor. Polls indicate a tight race, with five of the nine candidates “within striking distance of first place,” reports FiveThirtyEight.

News organizations can be enticing targets for hackers, whether during election run-ups or not. Potential motives could include exposing sources, accessing reporters’ emails or Slack messages, publishing misinformation or delaying the publication of accurate information that could harm an individual or organization. “Depending on who’s got access, and what kind of access they have and what they do with it, you can go a lot of different ways,” Runa Sandvik, a cybersecurity expert specializing in media outlets, told the Philadelphia Inquirer. “But bottom line is that this is something that leadership does have to take into account and plan for and invest in. It’s not something that you can just secure overnight, and it’s not something you can just clean up overnight, either.”