BBC’s Pension Scheme members affected by data breach

Threat Actor: Unknown | Unknown
Victim: BBC | BBC
Price: Not specified
Exfiltrated Data Type: Personal information (names, National Insurance numbers, dates of birth, home addresses)

Additional Information:

  • The data breach occurred on May 21.
  • Threat actors gained access to files on a cloud-based service belonging to the BBC.
  • The breach exposed the personal information of approximately 25,000 BBC Pension Scheme members.
  • The compromised data includes full names, National Insurance numbers, dates of birth, sex, and home addresses.
  • The BBC’s information security team has alerted the impacted members and is contacting them via email or post.
  • No evidence of misuse of the compromised files has been found.
  • The BBC has implemented additional security measures and is investigating the incident.
  • The company has notified the UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator.
  • Members are advised to be cautious of unsolicited communications and to avoid responding to suspicious emails or providing personal information.
  • The identity of the threat actor behind the attack is currently unknown.

The BBC disclosed a data breach that occurred on May 21. Threat actors gained access to files on a cloud-based service belonging to the British public service broadcaster.

“The BBC’s information security team has alerted us to a data security incident, in which some files containing personal information of some BBC Pension Scheme members were copied from a cloud-based storage service. The files include some Pension Scheme members’ personal information including details such as names, National Insurance numbers, dates of birth and home addresses.” reads the announcement. “The data files involved were copies and there is therefore no impact to the operations of the Scheme which continues as normal.“

The incident did not impact the operation of the pension scheme portal, users can continue using it.

The incident exposed the personal information of approximately 25,000 BBC Pension Scheme members, including current and former employees.

The compromised data includes Full names, National Insurance numbers, Dates of birth, Sex, and Home addresses.

The British public service broadcaster investigated the incident with the help of external experts and have already put in place additional security measures. The experts have identified the security breach’s cause and secured it.

The company is contacting all impacted members by either email or post. 

At this time, the company has no evidence that the compromised files have been misused.

“Whilst there is no specific action affected members need to take, it is always important to be alert to data and cyber security.” continues the announcement.

Members are advised to be cautious of any unsolicited communications requesting personal information or unexpected actions, including letters, calls, texts, emails, and web page referrals. The company recommends avoiding responding to, clicking on links, or downloading attachments from suspicious emails.

The company notified the UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator.

BBC did not provide details about the security breach, it confirmed that investigations are ongoing, but at this stage they do not know who is behind the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Known Exploited Vulnerabilities catalog)



Original Source: https://securityaffairs.com/163908/data-breach/bbc-disclosed-data-breach.html