The BBC has revealed that on May 21, a data security breach resulted in unauthorized access to files held on a cloud-based service, jeopardizing the confidentiality of members of the BBC Pension Scheme.
What Do We Know About the Incident?
According to reports, the incident impacted roughly 25,000 people, including former and current employees of the public service broadcaster.
Full names, dates of birth, home addresses, and National Insurance numbers are among the leaked data. The announcement was published on the BBC's pension website, and the broadcaster also clarified that information such as phone numbers, email addresses, bank details, financial information, and 'myPension Online' usernames and passwords was not exposed.
The incident also did not affect the operation of the pension scheme portal, which the BBC says is safe for people to continue using.
Those who are impacted will receive notifications by email (sent from “mypension@bbc.co.uk”) or postal mail (if no email address is provided). Those who do not receive notifications should assume they are unaffected.
The UK's Information Commissioner's Office (ICO) and the Pensions Regulator have also been notified of the breach.
The BBC issued an apology to both its present and former employees for the incident, said there was no proof that the copied data had been misused, and advised pension members to exercise caution.
In the apology, the broadcaster states:
Analysis undertaken by our specialist teams currently shows no evidence that the affected files have been misused, and this continues to be monitored… Whilst there is no specific action affected members need to take, it is always important to be alert to data and cyber security.
The BBC (Source)
The British broadcaster also encourages its members to be wary of any unsolicited and unexpected communications that ask for their personal information or ask them to take unexpected steps.
In addition, the BBC has released a FAQ page regarding the security event that includes instructions on how to activate a 24-month credit and web monitoring service by Experian and enable two-factor authentication.
The broadcaster has not shared much information about the type of security incident. No ransomware or data extortion groups have claimed responsibility for the attack yet.