Staffers, who spent Monday and Tuesday’s election night working from a substitute space, have been told little about the apparent attack, including whether their personal or professional information was compromised, said Diane Mastrull, president of newsroom union.
“We still are hobbled by this,” said Mastrull, who also works as a weekend editor at the Inquirer. “The company hasn’t given us a clear explanation of what happened.”
On Saturday, the newspaper informed employees that the regular edition of its Sunday newspaper would not be printed because of abnormal activity on its computer systems, the Inquirer reported. The next day, publisher and chief executive Elizabeth Hughes told staffers in an email that employees were prohibited from entering the newsroom until at least Tuesday, according to the Inquirer. That return date has since been pushed to Monday, May 22, according to Mastrull, who cited company communications to staffers.
Hughes told employees that Cynet, a cybersecurity vendor, alerted the newspaper last Thursday about the online activity, the Inquirer reported. The publication took the impacted systems offline, Hughes told employees, and is investigating with a technology company. The newspaper has also alerted the FBI, she said, according to the Inquirer.
“Our investigation into this matter is ongoing, and we will continue to keep our employees and readers informed as we learn more,” Hughes said in a statement to The Washington Post. “The security of our network and systems is a top priority. Based on the results of our investigation, we will take action as needed to help prevent a similar situation from occurring in the future.”
The apparent cyberattack is the most significant disruption to the Inquirer’s operations since a city-paralyzing blizzard in 1996. It also places the news organization in an unhappy fraternity of outlets that have experienced a disruptive — and sometimes costly — cyberattack, a group that includes Britain’s Guardian newspaper, Sinclair Broadcast Group, the New York Times and The Washington Post.
Mastrull said employees are “frustrated and frightened” by the lack of information on how their data might have been compromised and are exasperated by what reporters feel is a lack of communication and transparency from the publisher and executives.
The first bit of information that employees received was a one-paragraph statement that said “very little,” according to Mastrull. At first, it was understandable, since so little information was known. But frustration grew by Sunday when Inquirer reporters — put in the awkward position of having to cover their own newsroom — sent company executives 27 questions and were met with few answers apart from, “We don’t know; we’re still investigating,” she said.
“That’s when [reporters] were saying ‘you’ve got to be kidding me’ — that this is all the information we’re getting,” said Mastrull, who edited the weekend coverage, which took place remotely.
Mastrull notes that most of the Inquirer’s systems lacked two-factor authentication, the industry standard for thwarting hackers, which has been broadly embraced for several years.
“Employees have been wondering why nothing had been done and why we had to learn the hard way,” she said.
The apparent attack came amid a whirlwind of news in Philadelphia.
Last weekend, Taylor Swift performed in Philadelphia during a three-night stop on her Eras Tour, while on Sunday, the Philadelphia 76ers played an elimination game in the Eastern Conference semifinals. On Tuesday, the 76ers fired Coach Doc Rivers, and later that night, votes in the mayoral election were tallied. Former state lawmaker Cherelle Parker won the Democratic primary and — given Philadelphia’s electoral history that overwhelmingly leans Democratic — is expected to win the general election to become the city’s first female mayor.
Despite the newsroom and printing disruptions, Mastrull praised the Inquirer’s journalists for not allowing the chaos to affect their reporting.
Vice files for bankruptcy, the latest digital-media pioneer to fall
“We didn’t miss a beat. And that’s just extraordinary, because we were dealing with a crippled publishing system, and we continued to do what we’re in the business to do, which is serve readers,” Mastrull said.
Mastrull said that about 25 staffers were in a co-working space Wednesday, with others working remotely from home. The office is expected to reopen Monday with new software security systems installed, she said.
The Inquirer resumed publishing its regular print newspaper Monday, but classified ads, including death notices, were omitted until Wednesday’s paper out of caution, the paper reported.
The possible attack on the Inquirer is one of several against news publications in the past decade, including incidents that targeted The Post and The Times in 2013. In December 2018, a foreign cyberattack disrupted coverage at the Los Angeles Times and other Tribune newspapers. Most recently, The Guardian suffered a ransomware attack in December.