Pierluigi Paganini May 31, 2024

The BBC disclosed a data breach that exposed the personal information of BBC Pension Scheme members.

The BBC disclosed a data breach that occurred on May 21. Threat actors gained access to files on a cloud-based service belonging to the British public service broadcaster.

“The BBC’s information security team has alerted us to a data security incident, in which some files containing personal information of some BBC Pension Scheme members were copied from a cloud-based storage service. The files include some Pension Scheme members’ personal information including details such as names, National Insurance numbers, dates of birth and home addresses.” reads the announcement. “The data files involved were copies and there is therefore no impact to the operations of the Scheme which continues as normal.“

The incident did not impact the operation of the pension scheme portal, users can continue using it.

The incident exposed the personal information of approximately 25,000 BBC Pension Scheme members, including current and former employees.

The compromised data includes Full names, National Insurance numbers, Dates of birth, Sex, and Home addresses.

The British public service broadcaster investigated the incident with the help of external experts and have already put in place additional security measures. The experts have identified the security breach’s cause and secured it.

The company is contacting all impacted members by either email or post. 

At this time, the company has no evidence that the compromised files have been misused.

“Whilst there is no specific action affected members need to take, it is always important to be alert to data and cyber security.” continues the announcement.

Members are advised to be cautious of any unsolicited communications requesting personal information or unexpected actions, including letters, calls, texts, emails, and web page referrals. The company recommends avoiding responding to, clicking on links, or downloading attachments from suspicious emails.

The company notified the UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator.

BBC did not provide details about the security breach, it confirmed that investigations are ongoing, but at this stage they do not know who is behind the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Known Exploited Vulnerabilities catalog)