Share this article on:
The BBC has revealed that it suffered a cyber incident in which an unauthorised party accessed some of its files.
According to reports, the threat actor accessed a cloud-based service that contained files pertaining to the BBC Pension Scheme and its members, compromising the personal data of approximately 25,000 people.
Those affected included both current and former BBC staff.
“The files include some Pension Scheme members’ personal information including details such as names, National Insurance numbers, dates of birth and home addresses,” the BBC wrote on its MyPension site.
“It is important to note that this information does not contain any telephone numbers, email addresses, bank details, financial information, usernames or passwords, and did not involve the Pension Scheme website or our member portal: myPension Online, or existence checking service: myPensionID.
“The data files involved were copies, and there is, therefore, no impact to the operations of the scheme, which continues as normal.”
The BBC has said there is no evidence to indicate that the attack was a ransomware attack or that the data had been misused in any way. Despite this, the publication said it was taking the incident very seriously.
“We sincerely apologise to all members affected. We are taking this incident extremely seriously, and we want to reassure you that the source of the incident has been secured,” added the BBC.
“We are working at pace with specialist teams internally and externally to understand how this happened and have also put in place additional security measures to monitor the situation.”
The BBC added that those notified are the only ones affected by the breach, and anyone who has not received an email is safe.
“Whilst there is no specific action affected members need to take, it is always important to be alert to data and cyber security. We encourage members to be cautious of any unsolicited and unexpected communications that ask for your personal information or ask you to take unexpected steps,” the BBC said.
“This includes unexpected letters, telephone calls, texts or emails and information that refers you to a web page. Please also avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are unsure, don’t respond.”