Leaked data includes the name, date of birth and sex of members, their home address and national insurance number.
The BBC is investigating the data breach of more than 25,000 current and former employees.
According to The Guardian, the BBC’s pension scheme wrote to members yesterday to say their details had been stolen in a data security incident that it was taking “extremely seriously.” The email did not explain how the breach had happened, but that private records had been “copied from an online data storage service.”
The data leaked includes the name, date of birth and sex of members, their home address, national insurance number and an indication that they are a member of the BBC pension scheme. However no financial information, telephone numbers, email addresses, usernames or passwords, or any sensitive health information was breached.
Catherine Claydon, chair of the BBC Pension Trust reassured recipients that they are taking the incident “extremely seriously” and the BBC took immediate steps to assess and contain the incident.
“We are working at pace with specialist teams internally and externally to understand how this happened and take appropriate action,” she said. “As a precaution, we have also put in place additional security measures and continue to monitor the situation.”
Adam Brown, managing security consultant at the Synopsys Software Integrity Group, called this “a big breach”, not just in the size of 25,000 records (half of the beneficiaries) but in terms of the sensitivity of the type of data exposed, which includes regular beneficiaries and, one would assume, public figures' personal information, too.
“The BBC pension site appears to be up and running at the time of writing, which suggests that this was not a ransomware attack. It is quite possible that data stored on a connected repository with incorrectly configured security could have leaked,” he said..
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Streamlining the lifecycle of joiners, movers, and leavers using no-code automation
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
