The Associated Press (AP) recently issued a warning to users of a popular writing style guide, cautioning them about phishing attacks that have affected their personal information. This data breach has raised concerns over the security of sensitive data and highlights the need for heightened cybersecurity measures.
Background
The compromised personal information was stored in a database that was accessible on an old AP Stylebooks website. Although the website was no longer in use, it remained available online and was maintained by an external service provider, Stylebooks.com. This arrangement inadvertently exposed the stored personal information to unauthorized access.
Security incident
As a result of this security incident, the personal information of AP Stylebook’s customers stored on the outdated website was unlawfully accessed by an unauthorized third party. This breach implies that the compromised data may have been acquired by malicious actors for potentially nefarious purposes.
Discovery through phishing emails
The discovery of this security incident was the result of vigilant users who promptly alerted Stylebooks.com about suspicious phishing emails they had received. These fraudulent emails directed recipients to a counterfeit AP Stylebooks website that requested credit card details, raising suspicion and revealing the unauthorized access.
Timeline of the incident
Investigations into the breach have determined that the threat actor gained access to the old AP Stylebooks website during a specific timeframe. The incident occurred between July 16 and July 22, 2023, highlighting the importance of constant monitoring and timely detection of cyber threats.
Affected personal information
The personal information compromised in this breach includes the names, email addresses, street addresses, cities, states, zip codes, phone numbers, and User IDs of AP Stylebook customers. Additionally, it was discovered that when customers made purchases, the AP Stylebook website had also requested Tax Exempt IDs, where applicable. The records indicate that individuals who submitted a 9-digit number as a response may have exposed their Social Security Number or Taxpayer ID.
Potential exposure of Social Security numbers or taxpayer IDs
Considering the submission of a 9-digit number that corresponds to a Tax Exempt ID, the AP cannot rule out the possibility of inadvertent exposure of Social Security Numbers or Taxpayer IDs. This revelation raises concerns regarding the potential misuse and exploitation of this highly sensitive information.
Actions taken by AP
Upon discovering the phishing emails and unauthorized access to personal information, the AP promptly alerted all affected individuals. In an effort to safeguard their impacted customers, the AP is offering 24 months of complimentary credit monitoring and identity restoration services. These services aim to mitigate any potential long-term consequences of the data breach.
Impact and Targeting
While the incident impacted a relatively small number of individuals, approximately 224, it is important to note that journalists, in particular, are highly sought-after targets for cyber espionage. The nature of their work and access to sensitive information make them attractive targets for malicious actors. This incident highlights the urgent need for journalists and media organizations to prioritize robust cybersecurity measures.
The recent phishing attacks on users of a popular writing style guide underscore the importance of remaining vigilant in safeguarding personal information. The breach serves as a reminder that even seemingly dormant websites can pose significant security risks if not adequately maintained. Organizations must prioritize comprehensive cybersecurity measures to protect user data, and individuals must remain cautious and proactive in monitoring their online presence. By taking these steps, we can help ensure the security and privacy of personal information in an increasingly digital age.