Telecommunications Conglomerate Sinclair Group Identifies Data Breach

Sinclair Broadcast Group, a telecommunications company that operates multiple TV stations across the U.S, has announced a data breach on its network. The cyberattack involved encrypted ransomware on some of its servers and workstations. The cybercriminals also stole data from the company’s network.

What Happened in the Sinclair Data Breach?

On October 16, 2021, Sinclair Group noticed unauthorized and illegal activity on its network. Hackers encrypted some servers within their workspace with ransomware to make the servers inaccessible. The hackers also stole some company data. Although the nature of the attack is still not entirely clear, all sports networks that the company owns and operates are all at risk.

“Our operations are currently limited” was the Facebook message posted by WNWO, one of the stations operated by Sinclair Group in Toledo, Ohio. This post surfaced after it appeared that the station was temporarily off air on Monday afternoon. Similarly, Sinclair owned WJLA in Washington announced through its anchors that the station was under a cyberattack. They could not broadcast because their server was down.

While some Sinclair owned stations were broadcasting just fine during this time, it was clear that this attack had disrupted normal operations. According to the company, the security breach will affect several parts of their businesses and adverts on several local broadcast stations. The effect will also include some financial losses in addition to what is already on the ground. On Monday afternoon, Sinclair’s shares fell by 3%.

“With many ransomware attacks these days, the initial access that precipitated the attack generally occurs, if not months, ahead of time,” said Crane Hassold, director of threat intelligence at Abnormal Security.

He made the statement while speaking on the issue. He argued that the hacker could have breached the network earlier than Saturday.

How is Sinclair responding to the Breach?

On discovering the security breach, the company’s management was notified immediately. An incident response plan was also implemented right away. On the following day, an investigation into the cyberattack started. In addition to these steps, incident response professionals like forensic firms and legal counsels were also engaged. Sinclair Group detailed the cyberattack and sent a report to the necessary government and law enforcement agencies.

In a filing with the U.S Securities and Exchange Commission on Monday, October 18, Sinclair Group stated that investigations into the security breach started on Saturday. By the next day, they had found a lead. They found out that some of their broadcasting networks were disrupted, although they did not mention how many TV stations were affected. They also admitted to losing some of the company’s data following this cyber attack.

What is Going on with the Investigation

An investigation is ongoing to determine the extent of the data breach. When it is complete, normal broadcast operations should be restored quickly and securely across all Sinclair-owned stations. The ransomware has not been traced to anyone yet, and no ransomware group has taken responsibility for the security breach so far. But experts are on the lookout for any such claim in the coming days.

Incidents of ransomware attacks on media outlets are on the rise in the United States. Hackers target breaching an organization’s network, encrypting their data, and demanding monetary ransom before unscrambling the encrypted information.

More should be done in addition to just identifying the data breach. Regaining full access to the server and preventing future attacks is the priority. As the professional forensic firm continues collaborating with government agencies during this investigation, it is only a matter of time before things return to normal. However, only time will tell if any group will eventually take responsibility for the cyber attack. It is still not clear if anyone will demand ransom for the stolen data.