The Post And Courier Got Hacked …

… and waited a long, long time to tell anybody about it.

Two weeks ago – on July 8, 2024 – the parent company of The (Charleston, S.C.) Post and Courier posted a “notice of data event” on its website. You’re forgiven if you missed this missive, because it wasn’t prominently featured by the increasingly left-of-center, pro-status quo outlet.

Nor was it emailed to the paper’s subscribers …

Nor was the “event” reported on by any one of its army of “journalists …”

Most people still haven’t heard about it.

“As a subscriber, I have yet to receive a notification,” one regular reader of the paper told us this afternoon (July 23, 2024).

According to its neatly tucked away notice, the “event” in question – a massive ransomware hack – was first detected by the paper’s parent company, Evening Post Publishing, on March 20, 2024. More than a hundred days later, on July 8, the paper began mailing “notification letters to individuals whose information may have been affected by the event and for whom it has a postal address.”

Mailing?

The problem? Well … the first of many problems? The paper’s March 20 detection of this ransomware incursion came six days after hackers purportedly working for the BlackSuit collective first infiltrated the company’s network – and made off with a trove of sensitive data.

Oh, and the detection took place a staggering 110 days (or nearly a third of a year) before the paper “notified” its customers – via the aforementioned buried web notice (and snail mail).

“Our network was subject to unauthorized access between March 13 and March 20, 2024,” the publication’s parent company belatedly acknowledged, adding “certain files were acquired by an unknown actor while on the network.”

What sort of files?

“Some of the affected files contained sensitive information related to individuals,” it stated.

Uh-oh …

What sort of “sensitive” information?

“The type of information varies per individual but may include some or all of the following: name, Social Security number, date of birth, passport number, financial account information, credit card information, and driver’s license number,” the notice continued.

Egad, people. Egad.

The scope of this breach is one thing. The delayed, under-the-radar reaction by the paper and its parent company? That’s something else entirely …

Believe it or not, this massive ransomware hack was actually reported on more than three months ago by DataBreaches.Net, a website whose staff discovered that the Evening Post had been added to BlackSuit’s “leak site” on April 15, 2024.

According to the publication, BlackSuit claimed its hackers had breached the Evening Post’s network “and stayed there for over two weeks.” DataBreaches’ article detailing the incident was published on April 17, 2024 – 82 days before the Evening Post alerted its customers via the data notice.

According to DataBreaches, hackers purportedly entered the network “through unpatched weak spots discovered on one of the company servers” – meaning they did not use encryption in their attack. After gaining access to the network, they insist they were “never kicked out.”

The ransomware gang boasted of exfiltrating 500 gigabytes of data – way more than they expected to obtain.

“The amount of leaked data was above our expectations,” a BlackSuit spokesperson reportedly told DataBreaches.

In addition to Post and Courier records, BlackSuit purportedly claimed its “exfiltration” also made off with data from the following Evening Post incorporations …

  • Aiken SC News
  • Evening Post Industries
  • Evening Post Publishing
  • Evening Post Books
  • Courier Square LLC
  • Post and Courier Advertising

So … what happened next?

“The day after Post and Courier was accessed, someone representing the paper showed up in chat to begin negotiations,” DataBreaches reported. “They did not give their name or position.”

When the hackers reportedly demanded $1.7 million in ransom, per the report, the paper’s negotiator insisted “they couldn’t pay that amount.”

“At one point, the paper’s negotiator claimed their bank denied their application for a loan for the total amount,” DataBreaches reported.

“Why do you need that bank loan if you are a part of Evening Post Industries?” BlackSuit’s negotiator is said to have responded. “Your parent company should help you to get out of this situation, because there is a lot of personal data leaked from your network and it would not be good for the parent company and its investment/real estate business in case the leaked data went public, right?”

***

Here is where it gets very interesting …

According to DataBreaches, on April 6, 2024 “the paper’s negotiator requested a discount” as a sign of good faith.

“We don’t want to involve anyone else and would like to keep this as in house as possible,” the negotiator wrote, per the DataBreaches report. “If you lowered your price it would go a long way for us being able to pay it.”

The hackers allegedly cut their price in half … but gave the paper 48 hours to pay it.

“This is a step in the right direction but we still can’t accept, especially within 48 hours,” the negotiator responded, per DataBreaches. “We’re currently discussing our options internally and we’ll advise on what those may be.”

At this point, according to the website, negotiations between the two parties ended.

The Evening Post’s notice did not reference a ransomware attack. It did not discuss there having been any negotiations with the hackers. Most importantly, it failed to provide any explanation for the company’s unconscionable delay in reporting the incident to its customers.

By comparison, the state of South Carolina received merciless criticism from the media – including the Post and Courier – in the aftermath of a data breach back in 2012. And that was after government delayed reporting by less than three weeks.

“This wasn’t simply a failure of security,” the paper editorialized in response to a retrospective on the state government breach published in 2022. “It was a failure of governance.”

Yeah … pot, meet kettle.

“The confidentiality, privacy, and security of information in our care is among our highest priorities,” the company’s notice stated.

Meanwhile, its parent company’s “pillars of success” purport to place the “customer first” – and to “take ownership of the customer experience from beginning to end.”

Really?

Could have fooled us …

Count on this media outlet to keep our audience in the loop as news of this data breach spreads. And certainly, in keeping with our open microphone policy, we welcome any response the Post and Courier might wish to share with our readers.

***

ABOUT THE AUTHOR …

Will Folks is the founding editor of the news outlet you are currently reading. Prior to founding FITSNews, he served as press secretary to the governor of South Carolina and before that he was a bass guitarist and dive bar bouncer. He lives in the Midlands region of the state with his wife and eight children.

2 comments

E Prioleau Alexander Top fan July 23, 2024 at 10:07 pm

I am so so so so so surprised,
Great piece, Will

RC July 24, 2024 at 10:57 am

When I read this I wondered, why would a paper have subscribers’ SSNs, DL #s, etc. From the Data Breaches article:

“The information allegedly included employees’ Social Security Numbers, passports, driver’s licenses, and other documents. Subscriber data allegedly includes credit card payment information, postal and email addresses, and contact information.”

Note that Will did not make this distinction and lumped it all together.
