Philadelphia Inquirer hit with cyberattack, unable to print

The Philadelphia Inquirer was hit by a cyberattack over the weekend, causing the biggest disruption to the daily newspaper’s operations in more than two decades and leaving it unable to print Sunday’s edition.

It was unclear what prompted the cyberattack, which began on Saturday morning.

Inquirer publisher Lisa Hughes said the news organization — which includes daily digital content and newspaper circulation — was “first alerted to the anomalous activity on Thursday, May 11, by Cynet, a vendor that manages our network security,” according to an announcement on The Inquirer’s site.

While there was no immediate interruption of publication on Thursday and Friday, weekend staffers were denied access to The Inquirer’s content-management system, the announcement reported.

By Saturday evening, company computers were taken offline and insider hacks were used to be able to continue posting articles to Inquirer.com.

But there were no workarounds for print editions.

Sunday’s newspaper was only available digitally, as an e-edition.


The Philadelphia Inquirer was hit by a cyberattack on Saturday, causing the most consequential disruption to its operation in 27 years.
The Philadelphia Inquirer was hit by a cyberattack on Saturday, causing the most consequential disruption to its operation in 27 years.
Getty Images

However, Sunday’s early edition paper was printed and delivered since it’s produced on Friday.

Monday newspapers were also printed and delivered as usual, but Hughes said the team is omitting classified ads and death notices until Wednesday “out of an abundance of caution.”

Subscribers will not be receiving refunds, according to The Inquirer, since Sunday’s early paper was delivered and readers have access to the full paper online.

Employees will not be allowed to return to The Inquirer’s newsroom “through at least Tuesday because of the ongoing disruptions,” the site’s announcement reported.

Hughes said in an internal email update Sunday night that the company was “looking into a co-working space for Tuesday” as the reporters prepare for the Municipal Primary election on May 16.

Hughes also clarified in the email that the cyberattack wouldn’t affect coverage.

It wasn’t clear who was behind the security breach, or what motivations they had, though Hughes said the company notified the FBI, according to The Inquirer.

It was also unclear if the cyberattack was successful, if attackers were targeting specific employees or if confidential information was accessed.


The Philadelphia-based news organization is not allowing employees back into the office "through at least Tuesday," said Inquirer publisher Lisa Hughes.
The Philadelphia-based news organization is not allowing employees back into the office “through at least Tuesday,” said Inquirer publisher Lisa Hughes.
Getty Images

Hughes said employees or subscribers whose personal data may have been accessed in the attack would be “notified and supported” by The Inquirer.

Investigators are still trying to figure out how The Inquirer’s systems were accessed.

The news organization said it doesn’t require multi-factor authentication for logging into many of its key systems.

Multi-factor authentication, where users have to first provide a password and then respond to a secondary prompt — like answering a security question or entering a code from an email address or text — has increasingly become mandatory for employees working on company software.

During COVID, however, Hughes said that The Inquirer invested in monitoring systems for increased digital security while workers were remote.

Cyber-security company Cynet handles the news organization’s network security.

Since the cyberattack, The Inquirer has tapped Kroll — a corporate investigation and risk consulting firm — to investigate further.

As of Monday morning, The Inquirer’s website was functioning normally, though posting and story updating was slower than normal, and the customer support line was unavailable due to “unforeseen circumstances,” the recorded message said.


The Inquirer couldn't circulate Sunday's newspaper because of the cyberattack. Monday papers, however, were printed and delivered. The team omitted classified ads and death notices "out of an abundance of caution."
The Inquirer couldn’t circulate Sunday’s newspaper because of the cyberattack. Monday papers, however, were printed and delivered. The team omitted classified ads and death notices “out of an abundance of caution.”
AP

The Inquirer did not immediately respond to The Post’s request for comment.

“We appreciate everyone’s patience and understanding as we work to fully restore systems and complete this investigation as soon as possible,” a spokesperson said on Hughes’s behalf, according to The Inquirer. “We will keep our employees and readers informed as we learn more.”

The Philadelphia-based newspaper began circulating in metro Pennsylvania in 1829.

The weekend’s cyberattack marks the largest disruption in the paper’s operation in 27 years — since a blizzard that shut down the paper down Jan. 7-8, 1996.