Dow Jones says 3,500 subscribers impacted On Friday, in a letter to customers, the CEO of Dow Jones & Co. disclosed a data breach affecting 3,500 people. Based on public details, the incident seems similar to a breach reported by Scottrade last week that impacted 4.6 million investors.In his letter, Dow Jones Chief Executive William Lewis said that law enforcement officials informed the company about the potential breach in late July.After bringing in outside help, an investigation turned up a confirmation that the systems housing the customer data was accessed – but there is no proof that data was exfiltrated. The investigators also determined that the attackers had access to the system between August 2012 and July 2015.“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen. We are sending those individuals a letter in the mail with more information about the support we are offering. If you do not receive such a letter, we have no indication that your financial information was involved,” the letter states. The incident appears to be part of a larger campaign involving “a number of other victim companies” the letter goes on to add. Investigators feel that the focus of the attack was the contact information of current and former Dow Jones subscribers, such as names, addresses, email addresses, and phone numbers.Last Friday, Scottrade Inc. alerted the public to a data breach that affected 4.6 million people. As was the case with Dow Jones, Scottrade wasn’t aware of any problems prior to law enforcement notification. According to an email sent by Scottrade, law enforcement discovered the breach while investigating other data-theft cases.The brokerage firm says that the incident took place between late 2013 and early 2014, warning that both current and former customers were affected. Once again, the attackers were targeting contact information.If the assumption of a larger campaign holds true, then the Dow Jones & Co. breach is likely related to the Scottrade breach that was disclosed last week. If so, then the attackers behind both incidents have been at this for a long time, and there are going to be additional related breach disclosures in the coming weeks. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe