The BBC has launched an investigation after the details of more than 25,000 current and former employees were exposed in a data breach.
The corporation’s pension scheme wrote to members on Wednesday to say their details had been stolen in a data security incident that it was taking “extremely seriously”.
A spokesperson for the pension scheme said the details of about 25,290 people had been affected by the breach.
The BBC said it had seen no evidence that the incident was a ransomware attack – a type of hack commonly used by organised cybercrime groups to steal large amounts of personal data.
The BBC has one of the biggest occupational pension schemes in the UK, with more than 50,000 members.
In its email to staff, the corporation did not explain how the breach had happened, beyond saying that private records had been “copied from an online data storage service”.
The data leaked includes the name, date of birth and sex of members, their home address, national insurance number and an indication that they are a member of the BBC pension scheme.
The corporation said the breach did not include any bank details, financial information, telephone numbers, email addresses, usernames or passwords, or any sensitive health information.
The incident has been reported to the UK’s privacy regulator, the Information Commissioner’s Office (ICO), and the Pensions Regulator.
The email from Catherine Claydon, chair of the BBC Pension Trust, said: “We take this incident extremely seriously and we want to reassure you that we and the BBC have taken immediate steps to assess and contain the incident.
“Please be reassured that we have responded quickly and that the source of the incident has been secured.
“We are working at pace with specialist teams internally and externally to understand how this happened and take appropriate action.
“As a precaution, we have also put in place additional security measures and continue to monitor the situation.”
The BBC said there was currently no evidence that the private information had been misused but said this was being monitored. It advised members to “be vigilant for any activity that seems unusual”.
In a statement, a BBC pension scheme spokesperson said it “sincerely apologised” to members and added: “We want to reassure members that the BBC has responded quickly and that the source of the incident has been secured.
“We are working at pace with specialist teams internally and externally to understand how this happened and to monitor the situation.
“As a precaution, additional security measures have also been put in place.”
Although the nature of the attack remains unclear, it is the second known data breach to have been suffered by the BBC in under a year.
Last June, the corporation was one of a number of companies, including British Airways, Boots and Aer Lingus, to be affected by a mass hack believed to have been carried out by a Russian-speaking organised cybercrime group.
A spokesperson for the ICO said: “BBC Pension Trust has made us aware of an incident and we are assessing the information provided.”
Source: theguardian.com