Possible Cyberattack Disrupts The Philadelphia Inquirer
A possible cyberattack on The Philadelphia Inquirer disrupted the newspaper’s print operation over the weekend and prompted it to close its newsroom through at least Tuesday, when its staff will be covering an expensive and fiercely contested mayoral primary.
Elizabeth H. Hughes, the publisher and chief executive of The Inquirer, said that the newspaper discovered “anomalous activity on select computer systems” on Thursday and “immediately took those systems offline.”
But The Inquirer was unable to print its regular Sunday edition, the newspaper reported. Instead, print subscribers received a Sunday “early edition,” which went to press on Friday night. The newspaper also reported on Sunday that its ability to post and update stories on its website, Inquirer.com, was “sometimes slower than normal.”
The Monday print editions of The Inquirer and The Philadelphia Daily News, which The Inquirer also publishes, were distributed as scheduled, Evan Benn, a company spokesman, said.
But employees will not be permitted to work in the newsroom at least through Tuesday because access to The Inquirer’s internet servers has been disrupted, Ms. Hughes said in an email to the staff on Sunday evening that was shared with The New York Times.
Ms. Hughes said that the company was looking for a co-working space for Tuesday, when The Inquirer will be covering a closely contested Democratic primary that is all but certain to determine the next mayor of Philadelphia — the largest city in Pennsylvania, a presidential swing state.
“I truly don’t think it will impact it at all, short of us not being able to be together in the formal newsroom,” said Diane Mastrull, an editor who is president of The Newspaper Guild of Greater Philadelphia, the union that represents reporters, photographers and other staff members at The Inquirer. “Covid has certainly taught us to do our jobs remotely.”
She said on Monday that the newspaper’s content management system, which staff members use to write and edit stories, was “operating with continued workarounds.”
“I would not use the word ‘normal,’” Ms. Mastrull said.
Ms. Hughes said that The Inquirer had notified the F.B.I. and had “implemented alternative processes to enable publication of print editions.”
The newspaper was also working with Kroll, a corporate investigation firm, to restore its systems and to investigate the episode, Ms. Hughes said.
The Inquirer, in its news story on the “apparent cyberattack,” said it was the most significant disruption to the publication of the newspaper since January 1996, when a major blizzard dropped more than 30 inches of snow on Philadelphia.
The newspaper reported that Ms. Hughes, citing a continuing investigation, had declined to answer detailed questions about the episode, including who was behind it, whether The Inquirer or its employees appeared to have been specifically targeted, or whether any sensitive employee or subscriber information might have been compromised.
In an email on Monday, Mr. Benn, the company spokesman, said: “As our investigation is ongoing, we are unable to provide additional information at this time. Should we discover that any personal data was affected, we will notify and support” anyone who might have been affected.
Special Agent E. Edward Conway of the F.B.I. field office in Philadelphia said that while the agency was aware of the issue, it was the bureau’s practice not to comment on specific cyber incidents. “However, when the F.B.I. learns about potential cyberattacks, it’s customary that we offer our assistance in these matters,” Mr. Conway said in an email.
Ms. Mastrull, who was working as an editor over the weekend, said that staff members had noticed on Saturday that they could not log on to the content management system.
They were given a workaround, she said, but the process created “very, very difficult working conditions” as the staff covered the last weekend of campaign events before the primary, Taylor Swift concerts at Lincoln Financial Field and Game 7 of the Eastern Conference semifinals between the Boston Celtics and the Philadelphia 76ers.
Employees were “a little concerned that there weren’t enough protections against this, and very frustrated that the company’s communication was lacking specifics,” Ms. Mastrull said.
In 2018, The Los Angeles Times said that a cyberattack had disrupted its printing operations and those at newspapers in San Diego and Florida. Unnamed sources cited by The Los Angeles Times suggested that the newspaper might have been hit by ransomware — a pernicious attack that scrambles computer programs and files before demanding that the victim pay a ransom to unscramble them.
The Guardian reported that it was hit by a ransomware attack in December in which the personal data of staff members in Britain was compromised. The Guardian reported that the attack forced it to close its offices for several months.
In an email to the staff of The Inquirer on Sunday night, Ms. Mastrull summarized the day’s news and paid tribute to the staff members who covered it, “despite a publishing system rendered virtually inoperable.”
“Now all we have to do is find some co-working space so we can cover a really important election Tuesday,” she wrote. “Can’t keep us down!”