CyberInsider

Reliable cybersecurity news and resources

General

Guides

About

Cyber Insider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

BBC Employees Hit by Data Breach Incident on Cloud Instance

By Leave a Comment
BBC Employees Hit by Data Breach Incident on Cloud Instance

On May 21, 2024, the BBC’s information security team identified a data security incident involving the BBC Pension Scheme.

Unauthorized copies of files containing personal information of some pension scheme members were made from a cloud-based storage service.

Incident details

The breach was discovered by the BBC’s information security team and involved the unauthorized copying of files from a cloud-based storage service. The compromised data includes:

  • Names
  • National Insurance numbers
  • Dates of birth
  • Sex
  • Home addresses

Importantly, the breach did not involve telephone numbers, email addresses, bank details, financial information, usernames, or passwords. The affected files were copies, meaning there is no impact on the operations of the pension scheme, which continues as normal.

Upon discovery, BBC promptly reported the incident to the Information Commissioner’s Office and the Pensions Regulator. The source of the breach has been secured, and additional security measures have been implemented. Specialist teams are actively monitoring the situation, and ongoing investigations are being conducted to understand how the breach occurred.

Affected members are being contacted directly via email or post. If a member does not receive a notification, their data has not been compromised. While there is no evidence that the copied data has been misused, members are advised to remain vigilant for any suspicious activity or unsolicited communications requesting personal information.

The BBC has expressed sincere apologies to all affected members and reassured them that the incident is being taken extremely seriously. Efforts are ongoing with both internal and external specialist teams to monitor the situation and prevent further breaches.

Members who have been affected by the incident are being offered 24 months of free access to the Experian Identity Plus credit and web monitoring service. Instructions on how to register for this service have been provided in the individual notification letters.

About Alex Lekander

Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *