The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.
“On July 20, 2023, Stylebooks.com notified us that AP Stylebook customers had received phishing emails directing them to a fake website that imitated AP Stylebook to provide updated credit card information,” the AP said. “APS immediately engaged a cyber forensics firm to investigate the incident. The firm reported that personal information of customers whose information was stored on the old AP Stylebook website had been accessed by an unauthorized third party between July 16 and July 22, 2023, and that the phishing emails had been sent to those customers.”
The AP said in a letter to the impacted customers, “Our investigation determined that the personal information affected included your name, email address, street address, city, state, zip code, phone number, and User ID. AP Stylebook had also requested Tax Exempt IDs, where applicable, when customers made a purchase, and our records show that you submitted a 9-digit number. Because we cannot rule out that the 9-digit number you provided in response to that request is a Social Security Number or a Taxpayer ID, we have decided to proactively let you know that your Social Security Number or Taxpayer ID may have been accessed and acquired by third parties as a result of this incident.”
BleepingComputer notes, “While this was not a significant data breach, with only 224 customers impacted, the login credentials for journalists and media companies are highly sought after by cybercriminals. Gaining access to the network of a media company could lead to a wide variety of attacks, including extortion and ransomware attacks, data theft, and cyber espionage.”
New-school security awareness training can enable your employees to thwart targeted phishing attacks by teaching them how to recognize social engineering tactics.
BleepingComputer has the story.
