Hackers Break Into BBC Pension Fund to Steal Member Info

The BBC has suffered a “data security incident” that compromised the personal information of staff enrolled in the broadcaster’s pension program.

“The BBC’s information security team has alerted us to a data security incident, in which some files containing personal information of some BBC Pension Scheme members were copied from a cloud-based storage service,” the company said Wednesday.

Compromised data includes names, national insurance numbers, dates of birth and home addresses.

The broadcaster said that whoever breached its servers did not access phone numbers, email addresses, bank details, financial information, usernames or passwords, and did not involve the Pension Scheme website or our member portal (myPension Online).

The BBC Pension Scheme is an important part of the employee benefits package for BBC staff, offering financial security and support in retirement. The plan is designed solely for its employees but does include benefits for dependents in case of the member’s death. The pension is based on the person’s salary and years of service, including the final salary or career average salary and length of service.

The data files involved were “copies,” the broadcaster says, “and there is therefore no impact to the operations of the Scheme which continues as normal,” the notice mentions, perhaps suggesting this was not a targeted ransomware attack, where threat actors typically use data-crippling malware to pave the way for extortion in exchange for the decryption keys.

“We are working at pace with specialist teams internally and externally to understand how this happened and have also put in place additional security measures to monitor the situation,” says the BBC.

Those not contacted were not affected.

There is currently no evidence that the affected files have been misused, “and this continues to be monitored [but] it is always important to be alert to data and cyber security,” the notice adds.

The BBC encourages those affected to exercise caution.

“This includes unexpected letters, telephone calls, texts or emails and information that refers you to a web page,” the network stresses. “Please also avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If you are unsure don’t respond.”

The notice includes guidance and advice from the National Cyber Security Centre, as well as a comprehensive FAQ for members with additional questions or concerns.

Bitdefender offers Scamio for exactly these situations. Suspicious about a certain phone call, email, or SMS? Simply describe the situation to our clever chatbot and let it guide you to safety. You can share the exact thing you want to check, such as a screenshot, PDF, QR code, or link. Scamio lets you know in seconds if it’s a sham.