US newspaper and media giant Gannett Co has been targeted by a phishing attack that it said potentially compromised as many as 18,000 current and former employee accounts.

Gannett, the publisher of USA Today and 109 local newspapers across the United States, said that so far, it hasn’t confirmed any access to or theft of sensitive personal data from the accounts or customer account information.

It did say that “employee information was potentially available through some of the affected account login credentials before the accounts were locked down.”

According to the announcement in USA Today, the attack was discovered on March 30, appearing to have started in the human resources department, and was investigated by Gannett’s in-house cybersecurity team.

“It appears that the breach at Gannet was pulled off after a hacker was able to compromise the Office 365 credentials of some HR employees,” said Bob Noel, director of marketing and strategic relationships for Plixer International, via email. “Once the hacker got control of actual employee email accounts, they were able to impersonate HR with what appeared to be a valid email to Gannett employees (although in actuality they were themselves phishing attacks).

The gambit was a classic fraudulent corporate wire transfer request; the request itself was flagged as suspicious by Gannett's finance team and wasn’t approved.

“Hackers have become so proficient with phishing emails that they can fool even the savviest of tech users which proves that people are the weakest link in the security chain,” said Noel. “As such, education should be a top priority, but in most organizations that is not the case. The lesson learned here is if you unexpectedly receive a digital request to provide personal information, before hitting send, you should pick up the phone and verify with the sender the legitimacy of the request. The cybersecurity team should be applauded for stopping the wire transfer of corporate funds mitigating the damages.”