Hunt Valley-based Sinclair Broadcast Group identifies data breach

Sinclair Broadcast Group, the Hunt Valley-based company that operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

The company said in a filing with the U.S. Securities and Exchange Commission that it started investigating the security incident Saturday and, on Sunday, it found that some of its office and operational networks were disrupted. The broadcaster did not say how many TV stations were directly affected.


Data was also taken from the company’s network, it said in the filing.

The company owns and/or operates 21 regional sports network and owns, operates and/or provides services to 185 television stations in 86 markets, including WBFF and WNUV in Baltimore.


Sinclair said in the SEC filing that the data breach has caused — and may continue to cause — disruption to parts of its business, including certain aspects of local advertisements by local broadcast stations on behalf of its customers.

In Toledo, Ohio, WNWO appeared to be off the air Monday afternoon. The station posted on Facebook that “our operations are currently limited. We will provide further updates as they become available.”

On WJLA, a Sinclair-owned ABC affiliate in Washington, anchors opened their 4 p.m. newscast by telling viewers the station was under cyberattack and its computers and video servers were down. Nashville, Tennessee’s WZTV put out a notice on its website Monday about “serious technical issues” at the TV station affecting its ability to stream content.

“We are also currently unable to access our email and your phone calls to the station,” it said.

WBFF-Fox Baltimore did not appear to be having any disruptions.

Sinclair said it’s taken measures to contain the incident and is working diligently to restore operations quickly and securely.

A forensic investigation is ongoing, it said. The broadcaster is consulting a cybersecurity forensic firm and other professionals and has notified law enforcement.

Sinclair said it currently can’t determine whether or not the data breach will have a material impact on its business, operations or financial results.


Sinclair’s stock closed down about 2.9% in Monday trading at $26.39 a share.

The Evening Sun

The Evening Sun


Get your evening news in your e-mail inbox. Get all the top news and sports from the

Ransomware attacks, in which cyber criminals encrypt an organization’s data and then demand payment to unscramble it, are a growing scourge in the United States.

The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in May. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Crane Hassold, director of threat intelligence at Abnormal Security, said the hacker behind the ransomware attack on Sinclair could have gotten into the company’s system a while ago.

“With many ransomware attacks these days, the initial access that precipitated the attack generally occurs weeks, if not months, ahead of time,” he said.


Several media outlets have been hit by ransomware attacks in recent years. Cox Media Group, a major media conglomerate, said recently it was the target of a ransomware attack earlier this year. And a ransomware attack briefly knocked the Weather Channel off air in 2019.

Baltimore Sun reporter Lorraine Mirabella contributed to this article.