Associated Press Stylebook data breach exploited in phishing attack

The Associated Press has issued a warning regarding a data breach that has affected customers of the AP Stylebook. This widely-used reference guide serves as a resource for journalists, publications, and newsrooms worldwide, offering guidance on grammar, punctuation, and writing style.

The breach pertains to an outdated third-party-managed AP Stylebook website that was no longer operational. It was compromised during a window spanning from July 16 to July 22, 2023, leading to the theft of data of 224 customers.

The stolen information encompasses a customer's comprehensive details, including their

• name,
• email address,
• physical address,
• city,
• state,
• zip code,
• phone number,
• User ID.
• Those customers who had entered tax-exempt identification numbers, such as Social Security Numbers or Employer Identification Numbers, this sensitive data was also compromised.

The Associated Press became aware of the potential data breach on July 20, 2023, after several AP Stylebook customers reported receiving phishing emails. These fraudulent messages instructed recipients to update their credit card information, raising suspicions.

Upon discovering the phishing attack, the Associated Press shut down the compromised site and halt the phishing campaign to prevent further harm.

In the closing days of July, the company initiated notifications to all AP Stylebook customers, warning them about the phishing attacks. The fraudulent emails were traced back to an address originating from 'support@getscore.my[.]id' and featured subjects closely resembling "Regarding AP Stylebook Order no. 07/20/2023 06:48:20 am."