Cox Media Group (“CMG” or the “Company”), and pursuant to Cal. Civ. § 1798.82(f), this letter provides notice of a cybersecurity incident involving California residents.

October 8, 2021 BY ONLINE SUBMISSION Office of the Attorney General 455 Golden Gate Ave. St. 11000 San Francisco, CA To Whom It May Concern: On behalf of Terrier Media Buyer, Inc. dba Cox Media Group (“CMG” or the “Company”), and pursuant to Cal. Civ. § 1798.82(f), this letter provides notice of a cybersecurity incident involving California residents. By way of background, CMG is a for-profit broadcasting, publishing, and digital media services company operating in the United States, and its principal place of business is located at 1601 W Peachtree St. NE, Atlanta, Georgia 30309. Based on currently known information, CMG believes approximately 813 affected individuals reside in your jurisdiction. On June 3, 2021, CMG experienced a ransomware incident in which a small percentage of servers in its network were encrypted by a malicious threat actor. CMG discovered the incident on the same day, when CMG observed that certain files were encrypted and inaccessible. CMG quickly took its systems offline as a precautionary measure and took additional steps to prevent further unauthorized access. CMG also began a thorough investigation with the support of leading outside cybersecurity experts and promptly reported the incident to the FBI, including the Newark and Dallas field offices. CMG did not pay a ransom or provide any funds to the threat actor as a result of this incident. There has been no observed malicious activity in CMG’s environment since June 3, 2021. Although there was no initial indication (including from the threat actor) that data may have been taken in the incident, and although none has been observed through continuous dark web monitoring by CMG, we recently determined that the threat actor tried to remove copies of certain HR files on a server, but the forensic evidence indicates that the attempt to do so may have been unsuccessful. To date, CMG has no evidence confirming that personally identifiable information was actually removed from CMG’s systems or misused as a result of this incident. Nevertheless, CMG is notifying your office as well as individuals whose personal information was at risk of acquisition by the threat actor. The types of personal information that were at risk of unauthorized acquisition included names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials, stored for the purpose of human
Office of the Attorney General October 8, 2021 2 resource management. CMG is not aware of any cases of identity theft, fraud, or financial losses to individuals stemming from this incident. Soon after discovering the evidence the threat actor tried to remove copies of certain HR files, CMG began proactively informing known potentially affected individuals of the incident via email on July 30, 2021, and offered complimentary credit monitoring services to those individuals. Now that CMG has completed its document review process, CMG is sending notification letters to all individuals whose data the threat actor attempted to acquire and to provide complimentary credit monitoring services to this entire, identified population of individuals. CMG began providing notices on October 8, 2021 via U.S. Mail. Our detailed review of the population of affected individuals is ongoing, and we anticipate the possibility of additional notifications as we complete this process. We will provide your office with any material updates resulting from the investigation. The notice to individuals was not delayed as a result of a law enforcement investigation. A sample notification letter has been included with our online submission. As previously mentioned and stated in the sample notice, CMG is offering to provide 24 months of free three-bureau identity theft and credit monitoring services through Experian. Since discovering the incident, CMG has been working with the assistance of leading outside cybersecurity experts to enhance its security. The Company is continuing to monitor and improve its capabilities to detect any further threats and avoid any further unauthorized activity. These steps include multi-factor authentication protocols, performing an enterprise-wide password reset, deploying additional endpoint detection software, reimaging all end user devices, and rebuilding clean networks. CMG takes the protection of personal information seriously and is committed to answering any questions that your office may have. Please do not hesitate to contact me at 470-446-1789 or [email protected] Respectfully yours, Alysia Long Vice President and Associate General Counsel Cox Media Group Enclosure
Sample Individual Notification Letter October 8, 2021 [Full Name] [Address 1] [Address 2] [City], [State] [Zip Code] NOTICE OF DATA BREACH Dear [FIRST NAME]: We are writing to inform you of an incident potentially involving some of your personal information held by Terrier Media Buyer, Inc. dba Cox Media Group (“CMG”). We want to make clear at the outset that keeping personal data safe and secure is very important to us and we deeply regret that this incident occurred. WHAT HAPPENED? On or about June 3, 2021, a third party sought to disrupt our operations by means of an unauthorized, remote access to our computer network. After becoming aware of the incident, we quickly took steps to secure our systems and began a thorough investigation with the support of leading outside cybersecurity experts. We also promptly notified the FBI of the incident. CMG has determined that the unauthorized third party accessed a server containing limited personal information collected for human resources purposes. The unauthorized third party created a copy of that data on our systems and tried to remove a copy of that data from our network. We have completed our investigation and have no evidence confirming that your personal information was acquired by the unauthorized third party or misused as a result of this incident. Nevertheless, we are notifying you out of an abundance of caution because your information was contained in the data set that the unauthorized actor attempted to obtain. WHAT INFORMATION WAS INVOLVED? The types of personal information that the unauthorized third party may have obtained included your name, [additional data fields]. WHAT WE ARE DOING We have implemented enhanced security controls and have been cooperating with law enforcement to investigate this incident.
Cox Media Group data breach notification - bc - June ransomware attack
Original Document (PDF) »
Contributed by Sergiu Gatlan (Bleeping Computer)


Document