Revelations that Russian hackers likely breached the computer systems of U.S. government agencies and numerous big companies are a chilling reminder that publishers need to take steps to protect their
networks. That's especially true for publishers that collect first-party data about readers to help their advertisers improve audience targeting.
The massive breach was first
revealed by cybersecurity giant FireEye
which described the attacker as "a highly sophisticated state-sponsored adversary." The company later explained its systems were compromised through a malicious software update introduced in a product
made by network-management company SolarWinds.
Unfortunately, hundreds of thousands of organizations use software made by SolarWinds, which said in a regulatory filing that as
many as 18,000 customers used the malware-laced version of its Orion platform. Those customers include government agencies such as the U.S. Treasury and Department of Energy, and companies like
Microsoft that do business with the government.
The federal government is concerned about the cyberattack, as seen last week in an emergency directive from the Cybersecurity and Infrastructure Security Agency
, part of the U.S.
Department of Homeland Security. It instructed all federal civilian agencies to review their networks and immediately stop using SolarWinds Orion products.
Only a handful of
companies have publicly acknowledged they installed its tainted software — and the extent of any damage from data breaches is still unclear. Cisco Systems, Intel, Nvidia and VMWare were among
the technology companies whose computers were infected with the software, The Wall Street Journal reported
in a thicket of internal investigations to determine whether hackers
stole sensitive information and to assess the potential legal liability from the breach. In many cases, companies are reluctant to admit they experienced a breach because they want to avoid additional
It's not yet clear whether the SolarWinds flaw affected any publishers, which should immediately consult their technology teams about any potential
vulnerabilities in their computer networks. With many publishers warehousing first-party data about their readers, protecting that information is a priority.