Cybercriminals raid BBC pension database, steal records of over 25,000 people

The BBC has emailed more than 25,000 current and former employees on one of its pension schemes after an unauthorized party broke into a database and stole their personal data. Names, national insurance numbers, dates of birth, sexes, and home addresses were included in the data that was exposed via a cloud database used by …

  1. Falmari Silver badge

    Give it time

    "Results of the investigation, which is still ongoing, indicate that the stolen data hasn't been misused at present"

    Give it time; the incident was only detected on May 21.

    1. John Brown (no body) Silver badge

      Re: Give it time

      Meanwhile Ticketmaster and other US corporations are sitting on breaches involving millions of people for many months before being involuntarily forced to go public, probably long after the victims have already been extorted, defrauded or whatever.

  2. m4r35n357 Silver badge

    Get our data OFF the internet

    I no longer believe there is _any_ organization capable of protecting our personal information these days. If it has to be paper, so be it - you had your chance and failed!

    1. Bertieboy

      Re: Get our data OFF the internet

      D'accord!

      1. Ball boy Silver badge

        Re: Get our data OFF the internet

        Agreed.

        Remind me why this kind of data moved to the cloud - and how such a decision sits with the inevitable 'We take the security of client data seriously' statement that some middle-tier wonk will be obliged to make. I can't for a moment imagine the choice was made on cost grounds! </sarcasm>

    2. Mage Silver badge
      Devil

      Re: Get our data OFF the internet

      A local database on gear not connected to the Internet is OK. You don't need paper.

      The problem is so-called "Cloud" service. Simply someone else's server where you don't know what security, privacy or backups they really do.

      Ultimately those third party providers want to make a profit. It's only worth it for public facing stuff for small companies. No-one/nothing else should use it. https://www.corvidspress.com/fiction/otherworld-series/no-silver-lining/

  3. sitta_europea Silver badge

    It's like the bowl of petunias said...

    And it's odd that this doesn't seem to have been reported on the BBC News Website yet.

  4. JimmyPage Silver badge

    Names, national insurance numbers, dates of birth, sexes, and home addresses

    Could have been worse. Could have been their genders

    1. neilg
      Thumb Down

      Re: Names, national insurance numbers, dates of birth, sexes, and home addresses

      or post gender for the gender benders.

    2. bernmeister
      Facepalm

      Re: Names, national insurance numbers, dates of birth, sexes, and home addresses

      Could have been even worser. Their gender and preferred gender.

  5. Andy Non Silver badge

    "hasn't been misused at present, and the database has now been locked down."

    Horse and stable door spring to mind.

  6. Law

    2 years monitoring services?!

    Any breach of this type should have the company that owns the data be required to pay for a lifetime monitoring / resolution services. If somebody is involved in identity fraud going forward, the company should be fixing it, not the victim.

    The data is now out there for life, and it'll be duplicated, shared and sold to anybody and everybody on the dark web for the foreseeable future. This is now a lifetime of risk for the victims, not just 2 years - it shouldn't be up to the victims to deal with this going forward.

    Maybe when the cost of a breach outweighs the savings in lax security practices these companies will take our data security a bit more seriously.

    1. Richard 111

      Re: 2 years monitoring services?!

      At this point I know businesses, not the BBC, have leaked my identity and important information multiple times. Are Experian and similar services actually worth anything? I don't know what the real costs of clearing up an attempted or successful identity theft are. I don't know what hoops you have to go through to actually claim real damages from Experian or other monitoring companies.

      The US government has a pretty detailed guide on what to do in the case of identity theft and I doubt any of the monitoring companies are going to help you much with the actual work of recovering from the fraud.

      https://www.justice.gov/usao-wdmi/file/764151/dl

      1. sitta_europea Silver badge

        Re: 2 years monitoring services?!

        "...doubt any of the monitoring companies are going to help you much with the actual work of recovering from the fraud."

        Quite so.

        And I think at this point it's probably as well to assume that unless you've lived in a cave with no electricity for the past 20 years your data will by now have been compromised and sold several times.

    2. GeoffAnonymoosehead

      Re: 2 years monitoring services?!

      Until there are harsher penalties for having a data breach this will continue. Already it seems to be commonplace and accepted.

      That is not acceptable.

      The "2 years of Experian" should be extended to "lifetime" and a payment to the individual concerned should also be arranged depending on the nature of the data and incompetence shown.

      The ICO should be doing stuff, but currently it seems completely toothless, just like every other compliance body in this country (i.e. Ofwat - the sewage/water company issues.... don't drink tap water).

      If the company cannot afford the insurance for that, then it should not be storing your data.

      If it is not confident it can protect your data then it should not have your data.

      GDPR is basically a total failure.

      It is that simple.

  7. bernmeister
    Unhappy

    What next?

    What next? Personal and financial details of every person in the world hacked. A dystopian future. I claim the film rights.

  8. Mr Dogshit

    Don't worry

    They're taking it "extremely seriously"

  9. FlamingDeath Silver badge

    Too much reliance on

    Too much reliance on cloud; for businesses, they see it as a risk and cost-cutting exercise, but for the rest of us, we have no idea where our data ends up.

  10. 4Candle

    What I find interesting is that the Universities Superannuation Scheme Pensions hack got their members only one year of free monitoring. I wonder why the BBC get two?

    https://forums.theregister.com/forum/all/2024/05/08/georgia_state_education_moveit/
