Cyber Attacks On Businesses | Be Cybersafe | 30th May

BBC suffers data breach impacting current former employees

On May 21, the BBC experienced a cyber attack, resulting in unauthorised access to files on a cloud-based service. This breach compromised the personal information of approximately 25,000 BBC Pension Scheme members, including current and former employees.

The compromised data includes:

Full names
National Insurance numbers
Dates of birth
Sex
Home addresses

The attack did not expose telephone numbers, email addresses, bank details, financial information, or ‘myPension Online’ usernames and passwords. The operation of the pension scheme portal remains unaffected and secure for continued use.

Affected individuals will be contacted via email or post. If no notification is received, individuals can assume they are not affected. The UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator have been informed of the incident.

The BBC has apologised and stated there is no evidence of misuse of the compromised data, though they advise members to stay vigilant against potential scams. The BBC has guided enhancing security measures, including enabling two-factor authentication and accessing a 24-month credit and web monitoring service by Experian.

No specific details about the nature of the security incident were disclosed, and no ransomware or data extortion groups have claimed responsibility. These cyber attacks on businesses are becoming all too common; and it is vital that companies get their cyber security in place.

Former Cyber Security Chief Warns UK About China’s Growing Cyber Threat

Ciaran Martin, former chief executive of the National Cyber Security Centre (NCSC), has urged the UK to heed recent US warnings about the increasing cyber threat from China. Speaking at the DTX conference during Manchester Tech Week, Martin emphasised that the disruption of civilian infrastructure should be a “red line.”

Martin highlighted that Chinese hackers are emulating Russian tactics by pre-positioning themselves within critical infrastructure, potentially planning future attacks. This warning comes after Chinese hackers were blamed for a breach of a third-party supplier to the Ministry of Defence, compromising the payroll records of approximately 270,000 personnel, including current and former members of the British armed forces and at least one MP.

The CEO referenced a recent US alert about Chinese state-backed hackers targeting key sectors, which he described as a pivotal shift in Beijing’s cyber warfare strategy. He criticised the UK for not taking this warning seriously enough and called for greater attention to the threat across public, private, and civil society sectors. It was been stressed that the UK government should clearly communicate to China that any disruption to key infrastructure is unacceptable.

Martin also pointed out that, unlike Russia, China has not historically engaged in disruptive cyber operations but is now adopting similar tactics. FBI Director Christopher Wray previously warned that Chinese hackers had infiltrated critical US infrastructure, preparing for potential large-scale disruptions.

The heads of the Five Eyes intelligence agencies accused China of intellectual property theft and using AI for hacking last October. The FBI identified a group known as Volt Typhoon as responsible for infiltrating US companies in critical sectors, a tactic known as “pre-positioning.”

Martin noted the significant impact of infrastructure attacks, referencing the severe disruption caused by a ransomware attack on the British Library. He posed a scenario where multiple such attacks could occur simultaneously, causing widespread chaos.

Martin also welcomed a report by the tech website The Record, indicating that the UK government is considering mandatory reporting of ransomware attacks and requiring victims to obtain a licence before making ransom payments. He expressed satisfaction with the government’s serious approach to these threats.

Christie’s confirms breach after RansomHub threatens to leak data

Christie’s, the esteemed auction house renowned for its illustrious history spanning 2.5 centuries and operating in 46 countries, acknowledged a security breach following threats from the RansomHub extortion group. The incident, which occurred earlier in the month, prompted Christie’s to take immediate action, including the temporary shutdown of its website. A spokesperson for Christie’s confirmed that the breach resulted in unauthorized access to parts of the company’s network and the theft of some client data. While the extent of the breach remains under investigation, Christie’s assures that there is no evidence of compromised financial or transactional records.

In response to the breach, Christie’s is proactively engaging with privacy regulators, government agencies, and affected clients through personalized communication. Meanwhile, RansomHub, a relatively new player in the cyber extortion landscape, listed Christie’s on its extortion portal, setting a deadline for the auction house to respond before threatening to leak the stolen data. The group claims to possess sensitive information from approximately 500,000 Christie’s clients, including full names, physical addresses, ID document details, and other personal data.

Notably, RansomHub employs tactics beyond mere ransom demands, leveraging the threat of reputation damage and hefty GDPR fines to pressure its victims. Despite purported attempts at negotiation with Christie’s, the group alleges that these efforts were abandoned prematurely by the auction house.

While RansomHub is often associated with ransomware attacks, no encryptor has been identified in this instance, suggesting a focus on data theft. This trend was evident in a recent incident involving Change Healthcare/United Health, where RansomHub’s platform was utilized to leak stolen files as part of a ransomware attack on the American healthcare giant, showcasing the group’s modus operandi of collaborating with other threat actors to extort companies.

The situation underscores the evolving nature of cyber threats faced by organizations across various sectors and highlights the importance of robust cybersecurity measures and swift response protocols in safeguarding sensitive data and mitigating potential risks.

Prevent Cyber Attacks on Business – Be Cybersafe

Contact Cybersafe.co.uk for help on how we can help prevent cyber attacks on businesses from cyber criminals and how to become Cybersafe. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals. We also have a podcast where you can stay up-to-date with the latest cyber security measures that will help your company fight against these threats.