Researchers at Comparitech, the pro-consumer website providing information, tools, reviews and comparisons to help readers improve their cyber security and privacy online, have discovered that ransomware gang Qilin claimed credit on its website for stealing 550 GB of data from the Big Issue, a UK-based street newspaper. The company has said in a statement that it is working with NCSC, NCA and Metropolitan Police to complete its investigation.
In a blog post, security and privacy advocate, Paul Bischoff, said that Qilin on March 26, 2024 claimed to have stolen the following data:
- Personnel: copies of documents, employee personal data
- Contracts: reports, partner data
- Financial reports, transactions, income
Bischoff also noted: “Qilin specifically mentions data from Big Issue Invest, a social impact investing solution that since 2005 says it has invested over £80 million in more than 550 organisations that help people in poverty. It has 140 investees and £45 million in assets under management, according to its website.”
The Big Issue responded to Comparitech by saying:
“Last week, the Big Issue Group experienced a cyber incident. On becoming aware of this, we took immediate steps to restrict access to our systems, working with external IT security experts, and the investigation into the incident is ongoing. Thanks to the proactive steps taken, we have been able to begin restoring our systems and are operating with limited disruption. The publication and distribution of the Big Issue magazine is not impacted by this incident.
“As part of our investigation, we’ve identified that certain data related to our organisation has been posted to the dark web by the perpetrators of this incident. We’re working with our external IT expert to complete our investigation as a matter of priority alongside the NCSC, the National Crime Agency, and the Metropolitan Police. In addition, we have notified relevant regulators and would like to thank our staff, partners, and suppliers for their patience whilst our investigation continues.
“This is a criminal act against our social activities and the causes we work to promote. […]”