BBC Breach Puts 25K Pension Scheme Members at Risk

After falling victim to a leak that put 25,000 of its current and former employees at risk, the BBC has confirmed it experienced a breach, or "data security incident," compromising the information of its BBC pension scheme members. 

According to the update on the BBC's My Pension website, files containing personal information of its members were copied by threat actors from a cloud-based storage service. 

The affected data includes names, national insurance numbers, dates of birth, gender, and home addresses. The BBC does note, however, that information such as telephone numbers, email addresses, bank details, financial information, and usernames and passwords were not included in the breach. In addition to this, the BBC reported that after one of its specialists conducted an analysis, they found that none of the affected files have been "misused."

As the files continue to be monitored, the pension scheme operations are continuing as normal, as the files involved were only copies of the original material.

"We want to reassure you that the source of the incident has been secured," stated an update on the BBC's website, noting that the broadcaster is continuing to investigate the breach and is contacting anyone who has been affected.

"The BBC has also stated that there is 'no evidence to date that this is a ransomware event,'" said Ted Cowell, head of cybersecurity, UK, at S-RM, in an emailed statement. "In itself, it is quite a big call to publicly rule out ransomware. … It suggests that the underlying problem here may be more of a misconfiguration which inadvertently exposed data, rather than a specific malicious attempt to steal data and hold it to ransom."

As the company continues to investigate the breach, it said that there is no specific action that affected individuals should take at this time, other than to be cautious of any suspicious communications and aware of best cybersecurity practices.