The BBC has reported a significant data breach affecting over 25,000 current and former employees. This breach originated from a third-party data storage service used by the BBC’s pension scheme. Unauthorized access was gained to a cloud-based storage service, resulting in the copying of sensitive files. The compromised data includes names, National Insurance numbers, home addresses, and dates of birth of some pension scheme members. However, it did not expose phone numbers, email addresses, bank details, financial information, usernames, or passwords. Additionally, the Pension Scheme website, member portal, and existence checking service remained unaffected.In response, the BBC has secured the source of the breach, launched an internal investigation, and implemented additional security measures. The organization has begun contacting all affected members and is providing support services, including credit monitoring and identity theft protection, to mitigate potential harm. Although there is no evidence of misuse of the data so far, the BBC continues to closely monitor the situation and advises affected members to remain vigilant.

This breach follows a series of cybersecurity challenges faced by the BBC, including being affected by the MOVEit hack last year, which exploited a zero-day vulnerability impacting multiple organizations. The recent incident has raised concerns about data security practices at the BBC and could lead to significant financial and reputational impacts for the organization. The ongoing situation highlights the risks associated with storing sensitive information online and underscores the importance of robust security measures.

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

• Get Realtime updates
• Save your favourite articles

Scan to download App