The Atlantic posted a statement on their site yesterday:
On March 1, 2021, Atlantic Media, a minority shareholder and former corporate owner of The Atlantic, became aware that a serious issue was affecting its systems. Upon deeper investigation, it was discovered that an unauthorized actor had accessed its servers. Atlantic Media immediately engaged external forensics experts to lead an in-depth investigation into the situation and took measures to safeguard its systems as a team worked aggressively to restore the security and functionality of both systems and servers.
The forensic investigation found no evidence that any subscribers’, customers’, or clients’ financial or sensitive information was involved.
Regrettably, however, as Atlantic Media today informed employees, the investigation determined that certain portions of the network file-share server were potentially briefly accessible to the unauthorized actors. The potentially accessible folders on that server included one containing W-2 forms, W-9 forms, and other tax documents that contain names and Social Security Numbers of certain current and former employees of Atlantic Media; its current and former subsidiaries and affiliates, including The Atlantic; and some specific independent contractors. Atlantic Media does not have evidence of any fraudulent use or public disclosure of these data.
Read more of the statement on The Atlantic.