Cyber Incident Victim: Wired Magazine
Date:
Apr 2019
Location:
United States of America
Summary
A cybersecurity incident impacted a third-party vendor hosting a magazine's subscription page, leading to unauthorized access of approximately 1,100 subscriber records during a multi-day period. The compromised information included names, postal and email addresses, and payment card details such as numbers, security codes, and expiration dates. The publisher, Condé Nast, initiated an investigation and subsequently notified affected individuals, offering complimentary credit monitoring and identity protection services for one year. The vendor responsible for the subscription platform was not publicly identified in the notification.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The incident involved unauthorized access to systems of a third-party vendor responsible for hosting WIRED's subscription page, impacting approximately 1,100 subscribers. Between April 14 and April 17, 2019, an attacker compromised the vendor's infrastructure to target subscription transaction data. Condé Nast, WIRED's parent company, initiated an investigation upon detecting the breach. By April 24, 2019, investigators confirmed that the exposed information included subscribers' names, postal addresses, email addresses, credit/debit card numbers, card security codes, and expiration dates. The breach exclusively affected individuals who conducted transactions through the vendor-hosted subscription portal during the three-day intrusion window. No evidence suggested broader compromise of Condé Nast's internal systems or other subscriber platforms outside this specific vendor interface.
Condé Nast issued breach notifications to all affected subscribers on May 9, 2019, disclosing the incident's scope and the types of compromised data. The notification letter did not identify the third-party vendor involved. As remediation, the company offered impacted individuals a one-year subscription to Experian’s IdentityWorks credit monitoring and identity protection services. The incident exposed full payment card details capable of facilitating financial fraud, though no specific misuse was confirmed in the notification. Response efforts focused on securing the vendor's systems and terminating unauthorized access, with no reported service disruptions to WIRED's subscription operations during or after the breach.