BBC Data Breach: Businesses Advised to be 'Extra Vigilant'

Share
The attack has inevitably raised questions and concerns about how businesses around the world will continue to be impacted by the growing cyber threat landscape
With executive insight from SailPoint and TrendMicro, we examine the recent data breach impacting the BBC and how it has raised cybersecurity concerns

This week (May 2024), the leading broadcaster disclosed a significant data breach impacting roughly 25,000 people, including current and former BBC employees. The cyber incident occurred on 21st May and consisted of unauthorised access to files hosted on a cloud-based service.

Compromised data included full names, national insurance numbers, dates of birth, sex and home addresses of the victims registered on the BBC’s pension scheme.

This comes in a recent string of cyberattacks, including ticket sales company Ticketmaster also in May, which has reportedly seen the data of more than 500 million users allegedly put up for sale online.

Keeping essential services safe

The attack has inevitably raised questions and concerns about how businesses around the world will continue to be impacted by the growing cyber threat landscape.

“Even [the BBC] isn’t safe from cyber criminals and the potential for sensitive information to be broadcast on the dark web,” states Steve Bradford, Senior Vice President EMEA at SailPoint. “In today’s threat landscape, the stakes have never been higher. Hackers are employing ever more sophisticated tactics in the pursuit of lucrative returns, and no industry is off limits.”

The BBC states that there is no evidence that this recent attack was ransomware - a type of malware that blocks user access to their data unless a ransom is paid. 

As a precaution, the BBC has put extra security measures in place, as stated in their letter to victims of the breach. It also advised members that the situation is being monitored and that members should be extra vigilant for unusual activity.

“The BBC’s statement describes the breach occurring as a result of data being copied from an online data storage service. My interpretation of that statement is that malicious actors broke into said online data storage service, using stolen credentials, to access and exfiltrate the data,” says David Sancho, Senior Antivirus Researcher at Trend Micro. 

Given that cyberattacks continue to rise, with telecom company BT last year revealing that more than 46 million cyberattack signals are seen on average every day worldwide, it serves as a reminder that this type of threat is inevitable.

By implementing threat detection and response strategies, businesses have a much higher chance of protecting valuable data, or recovering more easily from a breach.

Steve adds: “Organisations must take a multi-layered approach to security. Having strong visibility into who can access what and when, across their entire ecosystem, is crucial to minimise the risk of a breach occurring.”

Cyberattacks rise as businesses called to remain vigilant

The BBC also fell victim to a ransomware attack last summer in 2023, alongside other major corporations around the world, including fellow UK-based companies British Airways and Boots. This was as a result of a hack on the MOVEit file transfer that ended up impacting at least 40 million people worldwide.

Attacks of this scale are happening often and it is clear that large, well-known organisations will continue to be targets. 

“We probably haven’t heard the last of this breach,” David adds. “The likelihood that the data will be placed for sale on the dark web is, unfortunately, high and it could be subsequently used by scammers and hackers. Personally identifiable data could inform more sophisticated and personalised cyber-attacks targeting affected BBC pension scheme members. Ultimately, those impacted by the breach will need to exercise extra vigilance over the coming months.”

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security