The hacker cadre LulzSec may have lost a key spokesperson last week with the arrest of Jake "Topiary" Davis, but its previous misadventures continue to bear fruit. New reports confirm the group's July cyber attack against news publication The Sun's website, which included a fake story about owner Rubert Murdoch's death by drug overdose, did much more than just embarrass the media mogul.
According to BBC News, The Sun owner News Group has come clean to its readers that some of their personal information was compromised during LulzSec's electronic invasion. The only confirmed victims so far are 14 former Miss Scotland hopefuls whose application data was posted to Pastebin, said the report.
Sophos' Naked Security blog features an image of The Sun's warning letter:
As you may be aware on July 19th The Sun website was subjected to an organised criminal attack. It has now come to our attention that some customer information from competitions and polls was breached as part of this attack. Details vary, but could include name, address, date of birth, email and phone numbers. No financial or password information was compromised.
We are contacting you because we believe that information that you submitted to us could have been accessed, and may be published online by the group responsible. We are working closely with the Police and the Information Commissioner's Office to ensure that all steps are taken to retrieve the files involved.
We regret that we've not been able to stop this incident from happening. We'll update you directly if there are further developments related to your specific data. We would advise as a precaution to take extra care when dealing with contact from third parties if they are unknown to you.
The information leak is being attributed to one "Batteye," who opened a Twitter account over the weekend and promoted the release of the ill-gotten content. Batteye has also published data on The Sun's Xbox users, 2009 Monarch quiz-takers and a Wrigley's-backed football competition. The hacker claims he is not a member of LulzSec or Anonymous. How he or she came by the data is yet unknown.
