The BBC has confirmed a data security incident involving the personal information of some members of the BBC Pension Scheme.
The breach, which was detected by the BBC’s information security team, involved unauthorized access to a cloud-based storage service where files containing sensitive data were copied.
The compromised files include personal information such as names, National Insurance numbers, dates of birth, and home addresses of some Pension Scheme members.
Importantly, the breach did not involve any telephone numbers, email addresses, bank details, financial information, usernames, or passwords.
The Pension Scheme website, member portal (myPension Online), and existence checking service (myPensionID) were not affected.
All-in-One Cybersecurity Platform for MSPs to provide full breach protection with a single tool, Watch a Full Demo
The BBC has taken swift action to secure the source of the breach and is working with specialist teams internally and externally to understand how the incident occurred. Additional security measures have been implemented to monitor the situation closely.
“We sincerely apologize to all members affected,” said a BBC spokesperson. “We are taking this incident extremely seriously and want to reassure you that the source of the incident has been secured. Our specialist teams are working at pace to understand how this happened and to prevent any future occurrences.”
The data files involved were copies, and there is no impact on the Pension Scheme’s operations, which continue to function as normal.
The BBC has emphasized that there is currently no evidence to suggest that the affected files have been misused. However, the situation continues to be monitored closely.
The BBC is in the process of contacting all affected members via email or post. Members who do not receive a communication can be assured that their data was not involved in the breach.
“We appreciate that any incident involving personal data is worrying,” the spokesperson added. “We are contacting all members affected to provide them with the necessary information and support.”
Advice for Members
While affected members are not currently required to take specific action, the BBC advises all members to remain vigilant regarding data and cyber security.
Members are encouraged to be cautious of any unsolicited and unexpected communications that request personal information or prompt unexpected actions. This includes unexpected letters, telephone calls, texts, or emails, and information that refers to a web page.
The BBC advises members to avoid responding to, clicking on links, or downloading attachments from suspicious email addresses. If there is any uncertainty, members are urged not to respond.
The BBC is committed to ensuring the security of its member’s personal information and is taking all necessary steps to address this incident.
The organization will continue to provide updates as more information becomes available and remains dedicated to maintaining the trust and confidence of its Pension Scheme members.
Get special offers from ANY.RUN Sandbox. Until May 31, get 6 months of free service or extra licenses. Sign up for free.