A tech editor and a data security officer (DSO) from a well-known newspaper have been implicated in a series of hacking activities targeting several high-profile entities, including government agencies and banks. This development raises significant concerns regarding their liability and the potential repercussions for the newspaper as an organization.
The National Bureau of Investigation (NBI) Cybercrime Division arrested several suspects including a newspaper’s DSO, who admitted to executing the hacking activities and claimed that it was under the instruction of the tech editor. The employee alleged that the editor sought to generate exclusive content for his columns and social media platforms through these illegal activities.
Under the Cybercrime Prevention Act of 2012 (RA 10175), unauthorized access to computer systems is a criminal offense. The DSO could face charges, imprisonment, and fines for committing cybercrimes under RA 10175. His cooperation with the investigation might mitigate some penalties but does not absolve him of liability.
The editor could face charges if it is proven that he orchestrated the hacking incidents. If the editor used the hacked information for personal gain or to manipulate public perception, he could be charged with data interference and misuse of devices. If proven true, such actions can represent a severe breach of journalistic ethics, undermining the trust and integrity expected of media professionals.
Conviction under the Cybercrime Prevention Act can result in imprisonment and substantial fines, depending on the severity and impact of the hacking activities.
Restoring Trust
The allegations against the editor and the DSO can severely damage the reputation of the newspaper, affecting public trust and credibility. They must demonstrate commitment to ethical standards and legal compliance to mitigate long-term reputational harm.
The organization could be held accountable for failing to implement adequate measures to protect personal data if the hacking led to the unauthorized disclosure of personal information (such as the publication of information on the dark web).
The newspaper could also face liability for negligence if it is determined that there was a lack of proper supervision and oversight over the editor’s and DSO’s activities.
Newspapers need to have established internal policies related to cybersecurity, data privacy, and ethical journalism. Ensure strict compliance with these policies across all levels of the organization. Review and update them regularly to incorporate any changes in the regulatory landscape or emerging threats. Ensure all employees are informed of these updates.
Publications should conduct in-depth cybersecurity and data privacy training sessions at least once a year. These sessions should cover the latest trends in cybersecurity threats, updates to relevant laws and regulations, and best practices for data protection.
New employees should receive comprehensive training on the organization’s cybersecurity and data privacy policies as part of their onboarding process. This helps instill a culture of security from the start.
By taking proactive measures, such as conducting a thorough internal investigation, taking appropriate disciplinary actions, reviewing policies, cooperating with authorities, and training employees, the newspaper can navigate these challenges and work towards restoring its credibility and public trust.