Employees told to stay ‘vigilant’ after raid on pension scheme data
The BBC has launched an investigation after the details of personal data of more than 25,000 former and current BBC employees has been compromised in a significant cyber attack targeting the broadcaster’s pension scheme.
The corporation’s pension scheme wrote to members on Wednesday to say their details had been stolen in a data security incident that it was taking “extremely seriously”. A spokesperson for the pension scheme said the details of about 25,290 people had been affected.
Sensitive information, including names, addresses, and National Insurance numbers, was exposed following the theft of files containing personal details from a cloud data storage service earlier this month.
While the identity of the perpetrators remains unknown, insiders have indicated that the incident does not appear to be a ransomware attack, and there is no evidence suggesting that the data has surfaced online.
Ransomware attacks typically involve organised cybergangs stealing large amounts of personal data.
A spokesman for the pension scheme, one of the largest in the UK with over 50,000 members, confirmed that no bank details, email addresses, usernames, or passwords were compromised.
Members have not been advised to take specific action but have been urged to remain vigilant for any unusual activity. This includes being cautious of unsolicited or unexpected letters, phone calls, texts, or emails, and any information directing them to a web page.
The spokesman stated: “The BBC’s information security team has alerted us to a data security incident involving the copying of some BBC pension scheme records from an online data storage service. We sincerely apologies to the affected members and understand this is concerning. We want to reassure members that the BBC has responded swiftly and the source of the incident has been secured.”
The Information Commissioner’s Office (ICO) and the Pensions Regulator have been informed of the breach, and both the BBC and its pension scheme have launched investigations into the incident.
“We are working at pace with specialist teams internally and externally to understand how this happened and take appropriate action. As a precaution, we have also put in place additional security measures and continue to monitor the situation.”
The BBC said there was currently no evidence that the private information had been misused but said this was being monitored. It advised members to “be vigilant for any activity that seems unusual”.
This breach comes less than a year after the BBC was targeted by a cyber attack orchestrated by the Russian hacker group Clop. British Airways and Boots were also affected by the same attack, which targeted payroll software Zellis and potentially impacted up to 100,000 British workers.
Additionally, The Guardian experienced a separate ransomware attack last year, which shut down its computer systems and forced the newspaper to close its offices.
A spokesman for the ICO commented: “BBC Pension Trust has made us aware of an incident, and we are assessing the information provided.”
